In this first installment of a special three-part series, Chris Willis, Lori Sommerfield, Addison Morgan, and Josh McBeain discuss the Consumer Financial Protection Bureau’s (CFPB) new small business lending data collection and reporting final rule — the Section 1071 rule. Part 1 of this special series provides a general overview of the rule.
Please join Troutman Pepper Partner Chris Willis and his colleagues Lori Sommerfield, Addison Morgan, and Josh McBeain for the first installment of a special three-part series about the Consumer Financial Protection Bureau’s (CFPB) new small business lending data collection and reporting final rule — the Section 1071 rule. Part 1 of this special series provides a general overview of the rule, including:
Stay tuned for Part 2 of this special series that takes a deeper dive into the rule’s data collection requirements and anti-discouragement provisions.
CFS Partner Lori Sommerfield brings more than two decades of experience in representing a wide range of banks, financial institutions, and financial services companies in fair lending and responsible banking regulatory compliance. She has extensive experience in helping clients navigate fair lending examinations and supervisory issues, and she has successfully represented clients in high-stakes fair lending regulatory investigations and enforcement actions. Prior to joining the firm, Lori held significant legal positions in federal government, in-house, and private practice settings (including two other nationally known law firms), which she leverages to effectively represent her clients’ interests.
CFS Associate Addison Morgan represents several of the nation’s preeminent financial institutions in litigation arising under the Fair Credit Reporting Act, Telephone Consumer Protection Act, Fair Debt Collection Practices Act, Federal Trade Commission Holder Rule, and other consumer protection state analogs. In addition to his litigation practice, Addison also provides regulatory compliance assistance to a wide array of companies across the financial services industry.
CFS Associate Josh McBeain focuses his practice on federal and state consumer and business lending and payments laws, including those applying to credit cards, installment loans, lines of credit, point-of-sale finance, and the development of digital financial service products. Before joining the firm, Josh served as in-house counsel to a major financial institution where he advised on an array of regulatory, legal, and compliance issues. He also worked at the Federal Reserve Bank of Minneapolis for several years, where he examined banks for compliance with consumer and business laws.
The Consumer Finance Podcast: CFPB’s Section 1071 Final Rule (Part 1): A General Overview
Aired: May 2, 2023
Host: Chris Willis
Guests: Lori Sommerfield, Addison Morgan, Josh McBeain
Chris:
Welcome to the Consumer Finance Podcast. I'm Chris Willis, the co-leader of Troutman Pepper’s Consumer Financial Services Regulatory Practice. And I'd like to welcome you to today's episode, which is part one of a special three-part series that we're going to be releasing about the CFPB's small business data collection rule, or as we like to refer to it, the 1071 rule. But before we jump into the 1071 rule, let me remind you to visit and subscribe to our blog, consumerfinancialserviceslawmonitor.com, where you'll see all of our daily updates about what's going on in the world of consumer finance. And don't forget to check out our other podcasts. We have the FCRA Focus all about credit reporting, the Crypto Exchange about everything crypto, and Unauthorized Access, which is our privacy and data security podcast, and all of them are available on all popular podcast platforms.
And speaking of those platforms, if you like this podcast, go onto your podcast platform of choice and leave us a review. Let us know how we're doing. Now, as I said, the release of the 1071 rule is I think one of the most important developments for the financial services industry that we've seen in a very long time. So we're devoting three episodes to it. In this first episode, we're going to be giving an overview of the 1071 rule and highlighting some of the things that have changed from the proposed rule that was released in the fall of 2021. Then we'll have two more episodes that look in more detail at certain aspects of the rule. So look for those on your podcast feed.
But today for this overview episode, I'm joined by three of my colleagues. My partner Lori Sommerfield, and our associates, Josh McBeain and Addison Morgan, all members of our Consumer Financial Services group and all of whom have actually read the entirety of the 1071 rule. So they're very qualified to talk to you today about what's going on in that rule. So, first of all, let me just welcome the three of you to the podcast. Lori, Josh, Addison, thanks for being on today.
Lori:
Thanks for having us, Chris.
Addison:
Yes, thank you, Chris.
Chris:
Lori, let me start with you. Can you give the audience just a little background on the origin and timing of this rule, both the proposed rule and the final rule that got unloaded on us right at the end of March?
Lori:
Sure, Chris. The small business lending data collection and reporting rulemaking was required by Section 1071 of the Dodd-Frank Act of 2010, a law that was enacted 13 years ago. Section 1071 amended the Equal Credit Opportunity Act require lenders to collect information about small business credit applications that they receive and then have to report that data to the CFPB. And some of the data involves things like geographic and demographic data concerning the principal owners of the small business, lending decisions themselves, as well as the price of credit. After years of delay by the CFPB and taking action on this required rulemaking, the California Reinvestment Coalition and a couple of other consumer advocacy groups sued the Bureau in 2019, and basically demanded that the CFPB issue a proposed rule. A court order required the CFPB to establish a timetable for the required rulemaking. And the Bureau finally issued the proposed rule in 2021.
After considering the comments, and I think there were over 2,500 comments that the CFPB considered, the Bureau finally issued the final rule implementing section 1071 on March 30th of this year. And it's massive, highly technical, and complicated. The rule clocks in at 888 pages with a 123-page-long filing instruction guide, otherwise known as the FIG. So, it runs well over 1000 pages. It's truly daunting to read, much less comply with.
Chris:
Yeah, but I was really looking for the final rule to be exactly 1071 pages to match 1071. And the CFPB just totally whiffed that they didn't even come close.
Lori:
You're right, that would've been perfect synchronicity. They really should have shot for that.
Chris:
Yeah, well, whatever. I'm frustrated by that.
Lori:
I also wanted to mention that in addition to the final rule and the FIG, the CFPB also concurrently issued multiple other documents that accompanied the final rule, including a fact sheet, an executive summary, a compliance date chart for collecting and reporting small business loan data, a data points chart, a small business lending data collection form. That's basically a sample for how to go about collecting applicant's demographic information. And an enforcement policy concerning the CFPB's focus on the new anti-discouragement provisions of the final rule. So there's a whole host of documentation that small business lenders are going to have to read in order to achieve compliance with the final rule.
Chris:
Got it. So, we know it's big, we know it's complicated. But tell the audience what is the rule designed to do?
Lori:
Well, Chris, it's generally designed to increase transparency in small business lending, promote economic development and combat unlawful discrimination in the small business lending sphere. This has been something that I think has been a long time coming. I mean, we certainly have the Home Mortgage Disclosure Act that has compiled home mortgage lending data for many years, since 1977 to be exact. But there really hasn't been a complete database about what small business lending data looks like. And by the way, there are two components to this rule. In addition to the technical data collection and reporting requirements, there's also the fair lending aspect. First of all, the required collection of business status information - and that basically means whether a small business is woman owned, minority owned, or LGBTQI+ owned - as well as demographic data concerning the principal owners of the small business are certainly going to lead to close scrutiny of small business lending. In terms of fair lending performance by the CFPB, by other regulators, and by consumer advocacy groups. As they begin reviewing that data as it becomes available. And while there's going to be a delayed compliance date for most of the rule, the CFPB has announced that it's going to immediately begin enforcing the new anti- discouragement provisions. And I assume we'll discuss that a little bit later in the podcast.
Chris:
Well, actually, we're going to take a deep dive on that in part two of this series. We're going to talk all about discouragement because I think that's one of the most important parts of the new rule. I'm looking forward to discussing that with you on episode two. But let's just level set ourselves with the coverage of this rule. So it applies to small business lending. So what is a small business for the purpose of small business lending under this rule?
Lori:
The final rule basically adopts in part the small business administration's definition of small business concern, which defines the small business as one that had $5 million or less in gross annual revenue for the preceding fiscal year. Now, the CFPB did not choose to adopt the SBA's definition in its totality because that would've included asset thresholds like how big the small business was. It's really just looking mostly at gross annual revenue. And the CFPB has indicated that it plans to revisit and update that threshold every five years to account for inflation going forward.
Chris:
Unlike the credit card late fee rule, I'll just add, which is not going to be indexed for inflation. And I think it's also interesting, Lori, that the Bureau specifically says there are certain types of entities that are not small businesses. So, a loan to a nonprofit is not covered by the rule. And a loan to a government entity, or a subdivision, or agency of a government is not covered, because those aren't business concerns under the definition, right?
Lori:
That's correct.
Chris:
Okay. So, we know what small business lending is. But let's now ask what types of small business lenders are covered. Are there certain ones that are covered and certain not? Just tell us about that.
Lori:
Yes, absolutely. The final rule applies to covered financial institutions, which are generally defined as any company that engages in any financial activity and originates at least 100 covered originations in each of the two preceding calendar years. And the financial institution is going to need to determine if they're covered by this rule on an annual basis by making that determination. And by the way, the proposed rule would've set that bar very low at 25 covered originations. But the Bureau ultimately raised that threshold in the final rule to 100, which was a very favorable change for the industry. The Bureau claims that 100 accounts for over 95% of all small business loans that are originated by banks and credit unions. So that migration from 25 to 100 covered originations was very helpful.
It's also important to note that the final rule applies to a wide variety of business entities that engage in small lending. So that includes entities like depository institutions, online and platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing, farm credit system lenders, commercial finance companies, merchant cash advanced providers, and even to some extent, government lending entities and nonprofit lenders. So, the impact of this final rule is going to be felt very broadly across the small business lending sector.
Chris:
Okay. So, the answer to the question of what types of small business lenders are covered is almost everybody. But maybe let's come at this from another angle. What types of credit are covered? Are there certain kinds that are in or out for purposes of the rule?
Lori:
Yes, there's a long laundry list of what's in and what's out. So, what's in - covered credit transactions include closed end loans, lines of credit, business credit cards, online credit products, merchant cash advances and credit products used for agricultural purposes by banks, credit unions and other lenders. And it's notable that non-depository financial institutions are also going to be required to collect and report small business lending data. They account for about 550 billion in small business financing today. And online lending in particular by non-banks is rapidly evolving because it's particularly impactful for minority entrepreneurs who typically seek out online lenders for sources of capital and support.
You also asked me, Chris, what's not covered? Excluded transactions from the definition of business credit include trade credit, HMDA reportable transactions, insurance premium financing, public utilities, credit, securities credit and incidental credit as defined in Reg B. Without regard to whether the credit is consumer credit extended by a creditor or is extended to a consumer. The list goes on: factoring, leases, consumer designated credit used for business or agricultural purposes, purchases of a credit transaction, purchases of an interest in a pool of credit transactions or a partial interest in a credit transaction like a loan participation agreement. Those are all not covered credit transactions for purposes of the rules. So, you can see there's a lot of carve outs here in the final rule.
Chris:
Yeah, and to me, one of the interesting things is the Bureau takes a lot of space in that 888-page rulemaking release to distinguish between factoring that's out, as you've just mentioned, and merchant cash advance, which is in. And the way that they differentiate between the two is that factoring is basically the sale of accounts receivable by a merchant for goods or services that they've already provided but haven't yet been paid for. Whereas a merchant cash advance is sort of an advance against revenue to be earned in the future but has not been earned yet. That is to me, the essence of the CFPBs distinction between a covered merchant cash advance or other sales-based financing as opposed to factoring that's excluded from the rule. That'll be an important distinction for certain lenders to take a look at to see if they're covered, I think.
Lori:
Agreed.
Chris:
So, let's turn next to the data collection requirements. We're going to go over those with Addison in a lot more detail in a minute. But can you just give the audience a brief overview of the three types of data that will have to be collected if you're a covered financial institution making covered extensions of credit?
Lori:
First, covered financial institutions are going to have to report certain data points that the financial institution itself generates. Like the unique application identifier number and action taken on the application by the institution. Second, covered financial institutions will have to report data points that are based on information that either could be collected from the applicant or through a third-party source. And those data points include information that relates to the credit. It can also include information related to the applicant's business such as credit type, credit purpose, and the amount the applicant applied for. Third, institutions are going to be required to report certain data points that are based solely on demographic information that is requested and collected from the applicant. And those data points relate to the applicant's business status. Again, that means if the business is minority owned, woman owned, or LGBTQI+ owned. As well as the race, sex, and ethnicity of the applicant's principal owners and that data is really key from a fair lending enforcement perspective.
Just wanted to mention that principal owner is defined as an individual who directly owns 25% or more of the equity interest of a business. So as a result, an applicant will have no more than four principal owners if they're natural persons. And then finally, one other thing I just wanted to note here, Chris, is that the final rule also includes a sample data collection form that covered financial institutions can use to collect that demographic information from small business loan applicants. And there's also some required disclosures about collection of demographic data that have to be provided to applicants in advance of actually collecting it.
Chris:
Okay. And I know that the rule has a lot of very detailed provisions about the timing and manner of the collection of the applicant provided data. And we're going to talk again with Addison about that in just a minute. But there's also the inclusion of a new requirement that covered institutions can't discourage applicants from providing the data that's supposed to be collected from them. And those would impose significant new obligations and we think significant compliance risks on small business lenders. So, can you tell us about those requirements?
Lori:
Sure. The new anti-discouragement provisions really arise from both the final role as well as a new CFPB policy statement on discouragement. So, first of all, as background under Reg B, creditors for either consumer or commercial credit, are prohibited from making any oral or written statement, either in advertising or otherwise. To applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application. And the CFPB has really seized on this requirement as it relates to small business application process and incorporated it into the Section 1071 final rule. So now it's a requirement that any covered small business lenders must develop procedures for monitoring any indications of discouragement as part of their fair lending compliance program. And this focus on prospective applicants really seems to be a new theme for the CFPB.
The CFPB submitted numerous amicus curiae briefs and pending litigation about this issue. And discouraging prospective applicants was the basis upon which the CFPB brought Townstone redlining case, which it recently lost. Basically, under the final rule covered financial institutions have to establish procedures that are designed to identify and respond to any indicia potential discouragement. And that includes low response rates for applicant provided data. By the way, a response rate generally refers to the financial institution obtaining some type of a response from the applicant in response to a request for data. And a low response rate for applicant provided data can indicate that the institution's engaged in discouragement or some other failure to maintain procedures to collect applicant provided data that are reasonably designed to solicit a response.
Chris:
Thanks, Lori. And we will be taking a much deeper dive into the discouragement issue and the specific monitoring requirements that the CFPB has prescribed for covered financial institutions in the 1071 rule. And we'll be covering that in part two of this special three-part series. But I would just pause to note one of the most intimidating aspects of the wording of this part of the rule is that it prohibits any practice that has the effect of discouraging applicants. So, you don't even have to be doing it on purpose in order to be in violation of the rule. And I think that's going to worry financial institutions quite a bit. Let's briefly turn to the reporting requirements. The whole point of all this data collection is then for the data to be reported somewhere so that something can be done with it. Can you tell the audience a little bit about that?
Lori:
Generally, covered financial institutions are required to report small business lending data to the CFPB by June 1st of the year following the calendar year in which the financial institution collected the data. For example, if data was collected during 2024, reports would be due to the CFPB on June 1st of 2025. And the CFPB has provided the filing instructions guide, or the FIG, to help institutions navigate submission of data.
Chris:
Okay, got it. And the whole point of this, or at least part of the point of it, is that the CFPB is planning to make at least some portion of the 1071 data publicly available for anybody to use for whatever purpose. Has the Bureau said yet when and how it's going to make that data publicly available?
Lori:
Not quite yet. Although they have given some parameters around what they plan to do going forward and when they might release that information. Data that covered financial institutions are required to submit to the CFPB on an annual basis will generally be made available to the public, subject to certain modifications or deletions that the Bureau determines would advance a privacy interest. So, the CFPB is going to make that determination after it obtains a full year's worth of small business lending data. And then it'll announce that determination at a later date. The CFPB also states in the final rule that it expects to release higher level aggregate data before it releases any application level data to the public. And it's also notable I think, that the CFPB’s publication of data will satisfy a covered financial institution's statutory obligation to make that data available to the public upon request.
Chris:
Got it. What is the effective date of this rule? I know that originally the proposed rule was going to call for an 18-month compliance period. But now it's changed to one that's phased based on number of loans that someone's making. So, can you just briefly explain that to the audience?
Lori:
The final rule will be effective 90 days after publication in the Federal Register, but compliance isn't actually required at that time. To determine when a financial institution has to begin complying with the final rule, the institution has to determine which compliance date tier applies to it. Generally, compliance date tiers differ depending on the number of covered originations that the financial institution originated in 2022 and 2023. And of course, the financial institution also has to meet the definition of a covered financial institution for that year. Taken together, that means that there's going to be sort of a staged compliance process. So, larger compliance lenders are going to have to basically collect data from October 1st of 2024 through the end of the year if they originated at least 2,500 covered originations in both 2022 and 2023, and then report that data June 1st of the following year.
And so, it flows from there so that for small business lenders that engage in a moderate amount of lending, they have to begin collecting data on April 1st of 2025 if they meet certain thresholds for lending, and then report that data the following year. A financial institution begins collecting data on January 1st of 2026 if it originated at least a hundred covered originations in both 2024 and 2025. And that compliance date, which is pushed out as far as possible, applies to small business lenders that have a low volume of origination.
Chris:
Okay. And one of the other highlight provisions of the rule, which is kind of similar to HMDA, is that there's a firewall provision that says, especially this demographic information that you talked about, the characteristics of the ownership of the business and the sex, race, and ethnicity of the principal owners has to be blocked off and non-accessible by certain employees within a covered financial institution. Can you quickly explain how that works?
Lori:
Sure, Chris. Under the final rule, employees and officers of a covered financial institution or the institution's affiliate are prohibited from accessing an applicant's responses to the final rules required inquiries about the applicant's small business status, as well as the principal owners’ race, sex, or ethnicity, if the employee or the officer is involved in making any determination about the applicant's application. And that's certainly a very broad scope. But the prohibition doesn't apply if the institution determines that the employee or the officer should have access to one or more of the applicant's responses. And the institution provides notice to the applicant about the fact that those responses are going to be accessed. Alternatively, the institution can provide a notice to the broader group of applicants up to and including all of the applicants who file. Operationally, this provision is obviously going to be very difficult for small business lenders to comply with. So, I guess we'll have to just see how it plays out in operation.
Chris:
Yeah, it's honestly one of the most confusingly worded aspects of the rule of you have to firewall this off from employees who are involved in loan decision, unless you decide they should see it. And that's literally the wording of the rule, which seems a little strange to me. And I think it really is going to be most likely to impact smaller lenders where the underwriting happens like in the branch location where the loan application is taken. That seems to me that's one of the likely places where this will occur. And I think it'll be a significant headache that'll have a burden that falls most disproportionately on the smallest of small business lenders.
Lori:
Agreed. And this alternative notice provision almost seems to be a distinction without a difference ultimately. So, we'll see if this firewall provision actually is effective in practice.
Chris:
Yeah. Last thing that I want to get from you, Lori, is there's a few safe harbors in the final rule that I'd like you to highlight for the audience. So, can you just tell us a little bit about that?
Lori:
The final rule has several safe harbor provisions that relate too things like incorrect entries for census tracks, NAICS codes and application dates. There's also a safe harbor regarding incorrect determination of small business status, covered credit transactions, and covered applications. And all of these are designed to provide flexibility to covered financial institutions so that they can have some leeway in making small errors that are de minimis, or can be corrected.
Chris:
Got it. So, Addison, turning now to you, Lori gave a brief overview of the three broad categories of information that a covered financial institution's supposed to collect and then report to the CFPB. Can you just quickly recap those three and then let's take a little bit deeper dive into what the data elements are under each of those categories?
Addison:
Sure, Chris. No problem. So as Lori discussed earlier, we can really characterize these three categories as first the in-house data category. This is data that the financial institution itself can only generate. Second category is the business-related data category. This is data that is related to the applicant's business and the type of credit that the applicant is applying for. And then lastly, we have the demographic data category, which is really related as it sounds to the demographic data that the applicant supplies with his application.
Chris:
Okay. Just give us a few examples of some of the data points that fall under each of those three categories.
Addison:
Sure. So, let's start off with the in-house data category. I should note that financial institutions are required to report these data points with all applications that they receive. A few of the data points are a unique identifier that refers to the application being reported. Next, we have the application recipient which refers to the method by which the financial institution obtained the applicant's application. And so, whether that was by the applicant submitting the application directly to the financial institution, or the financial institution receiving the application from one of its affiliates, or another third party. And then lastly, we have the action taken by the financial institution on the applicant's application. And so, this is whether the financial institution denies the application, approves it, or actually originates credit.
Chris:
Got it. And so for the in-house data category that you're just talking about, is there any difference in reporting based on an application either that's denied or ones that result in an originated loan?
Addison:
Yes, there are, Chris. For denied applications, financial institutions are required to report the principal reason or reasons for denial. And so, on this point, the Bureau's commentary includes a list of denial reasons from which financial institutions may select the principal denial reason for denying an application. Additionally, the Bureau's commentary also noted that when none of the proposed denial reasons actually coincide with the financial institution's principal denial reason, the financial institution may report his denial reason as other and report that same reason as a freeform text. Moving on to the applications that are either originated or approved by the financial institution, a financial institution must report certain pricing related data points. And so, this includes rates, total origination charges, broker fees, the total amount of non-interest charges that are scheduled to be imposed over the first annual period.
Additionally, if the application involves sales-based financing, the financial institution is also required to report the difference between the amount advanced and the amount to be repaid by the applicant. And then lastly, just any information about prepayment penalties. And I should note here that for applications that are denied, withdrawn, or not fully completed by an applicant, financial institutions are still required to submit a response for this particular pricing data point. But instead of reporting pricing data, they just report not applicable.
Chris:
Got it. Let's talk about the second category, the business related data, characteristics of the business that's applying for the loan. Can you give us a few examples of the data points that are in that category?
Addison:
For this category, the data points are credit side. Which includes several sub data points including the credit product. So, whether the extension of credit is secured or unsecured. We also have types of guarantees that were obtained for an extension of credit. And then lastly, just the term, and that is in months if applicable. Moving on to credit purpose, which as I alluded to earlier, this can be selected from the Bureau's proposed list of credit purposes. Next, the amount applied for, so the total amount of credit that the applicant has applied for. Moving on to the census track, which is based on the address or location provided by the applicant. We also have the gross annual revenue for the applicant's preceding fiscal year. Also a three digit North American Industry Classification System code for the applicant, the number of people working for the applicant, the applicant's time and business. And then lastly, the number of applicant’s principal owners. And as Lori noted earlier, this term really refers to an individual who directly owns 25% or more of equity interest of the applicant's business.
Chris:
Got it. And I want to particularly underline one of the data elements you mentioned, Addison, which is the census tract. That's the census tract essentially associated with the business, like where the loan proceeds will be used or where the small business is headquartered. And that of course is the data point that would be used by regulators or consumer advocacy groups to do redlining analysis of small business lender’s lending activity. Just so everybody hears that that's coming. And in fact, there are specific references to redlining analysis in the CFPB’s rulemaking release. They were very open about the fact that they're going to be looking at that. I think I want the audience to know about that. But let's move on to the final category of data, the demographic data. What are we supposed to collect and report there?
Addison:
Really what financial institutions are supposed to collect here is business status. The Bureau made it apparent throughout the proposal that minority owned business status now encompasses both women owned business status and LGBTQI+ owned business status as well. And also financial institutions must still request the ethnicity, race, and sex of the applicant's principal owners.
Chris:
So that seems like information that some small business owners might be sensitive about revealing. It's personal information about themselves. Does the final rule mandate that financial institutions require applicants to submit that information?
Addison:
This is a great question, Chris, and the answer is no. Whether an applicant chooses to provide these demographic data points with his application is completely up to the applicant and the applicant may refuse to do so.
Chris:
So, what happens if they do? What happens if they fail or refuse to provide the information?
Addison:
If the applicant fails or refuses to provide that information, the financial institution is still required to report the applicant's failure or refusal to provide that information. And also on this point, it is important to note that the rule also requires financial institutions to inform applicants that they are not required to submit these demographic data points with their applications.
Chris:
Okay. Does the final rule also have a requirement of the financial institution explaining to applicants why the information is being collected?
Addison:
Yes, and financial institutions on this point are required to make several disclosures to applicants. For example, the rule requires financial institutions to inform applicants that federal law requires financial institutions to request these specific data points to ensure that all small business applicants for credit are treated fairly. Also, financial institutions must disclose to applicants that they are not permitted to discriminate on the basis of demographic data points that the applicants submit.
Chris:
Got it. We've discussed a lot of data points here and how financial institutions have to collect them. But then what about the second part of the process? How are they supposed to report these data points to the Bureau?
Addison:
For reporting, we now get a chance to discuss the FIG. Or the Bureau's filing instruction guide, which sets forth the technical instructions for submission of data to the Bureau.
Chris:
Right, Addison. And the FIG basically establishes a framework by which a file called the Loan Application Register or LAR, which is the same thing we call a HMDA set of data, will be uploaded to a portal that the CFPB maintains subject to various integrity and logical checks, which the CFPB has made the code publicly available for by the way. And then it will go in and presumably be digested and published by the CFPB. Now, Lori mentioned earlier that the statute, actually Section 1071, requires financial institutions to make their lending data available to the public. But how does that requirement get expressed in the final rule?
Addison:
Here, the rule requires financial institutions to disclose on their websites that their small business lending application register or the LAR as you just referred to, is available from the Bureau. And so a small business lending application register is simply the Bureau's definition of the data that the financial institution is required to report annually.
Chris:
Got it. Thank you for all of that, Addison. And now let me turn to you, Josh. You've been waiting in the wings very patiently. But there's a very important question that I want to ask you. Which is the proposed 1071 rule came out in September of 2021. So, we've all had a long time to get used to it and see it as a preview of what life under the final rule would be like. But there's some important changes that happened between the proposed rule and the final rule that dropped at the end of March. So can you talk to the audience about what's changed? First of all, did the Bureau remove any requirements from the final rule?
Josh:
Yes, in short, they did, which is hard to believe with how long it is. I think first and foremost, the CFPB removed the visual observation requirements that related to the collection of demographic information about the principal owners. Which was kind of a big deal when it came out the proposed rule. And they received a lot of comments on it. If, as Addison mentioned, people refuse to provide demographic information, the proposed rule would've required through visual observation, lenders gather that information. This has been eliminated, and hopefully with the discussions around the accuracy of visual observations will also be eliminated. And Lori mentioned this, the CFPB changed the number of covered credit transactions a financial institution must originate from 25 to a hundred. Effectively, the CFPB removed the obligation to comply with 1071 for small lenders, also not really a complete removal, but the CFPB did reduce the number of NAICS code digits that need to be collected from six to three.
Not really that significant, but it is a removal. Also, not a complete removal, the CFPB we changed the timeframe for which data collected can be reused. The proposed rule would've only allowed data to be reused for a year. And the final rule allows most data, but not all, most data to be reused for 36 months. Gross annual income data is still only allowed to be reused for a year. And in all instances, the financial institution can only reuse data if they have no reason to believe that the data is inaccurate. But it will help that certain data can be reused for three years. And then finally, Lori mentioned this as well, they changed the required compliance date from 18 months to a tiered phase implementation, which is effectively a removal and a helpful change for the industry.
Chris:
Got it. And I think probably all the ones you just mentioned are viewed as helpful changes by the industry be requirements that were either removed or lessened under the final rule. But how about on the other side? What has been added to the final rule that wasn't there? In the proposed rule?
Josh:
Yes, we do have some additions. The CFPB added a requirement to collect LGBTQI+ information on business owner's status, which was not in the proposed rule. So that's an additional data element. And the CFPB also made it mandatory to provide a disclosure informing the applicant that federal law requires the lender to ask for the applicant's minority owned, women owned, LGBTQI+ plus owned business status. This was in the proposed rule, but it wasn't mandatory and now it is. So that's in addition.
Chris:
Got it. And are there any other changes in the final rule that caught your attention that you think are interesting?
Josh:
Yeah, principal owners’ sex and gender information must be collected from applicants using a preform field or put another way without using predefined response categories. This will make, for those that are familiar with the LARS, this will make reporting data more difficult because there's not predetermined fields to just enter the information. Financial institutions are not required to report if data is reused. And I think the biggest one, which has already been mentioned, and I know it's going to be discussed in further detail on a totally separate podcast, which is completely justified, is discouragement. That was not in the proposed rule. And it's a significant add as you've mentioned, and I think we're going to get into further detail on another podcast.
Chris:
Yeah, we definitely will because we're going to have two more parts of this special three-part series on the 1071 rule. And the next one, part two, is going to contain an extensive discussion of the discouragement provisions, which we think are very material to the financial services community. But for now, I think we'll wrap this episode up because we've given an overview of the rule, what it covers, what it doesn't cover, the types of data, and then the changes from the proposed rule. And then we'll, of course, look forward to releasing part two of this special three-part series pretty soon. Let me thank my colleagues, Lori, Josh, and Addison for being on today's program and sharing their knowledge of the rule with everybody. And of course, thanks to our audience for tuning in as well.
Don't forget to visit our blog, consumerfinancialserviceslawmonitor.com and hit that subscribe button so that you can get all of our daily updates about the world of consumer finance. And while you're at it, head over to troutman.com and add yourself to our Consumer Financial Services email list. That'll allow you to get copies of our alerts and notice of our industry only webinars. And of course, look out on your podcast feed for a great new episode of this podcast every Thursday afternoon. Thank you all for listening.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.