How Modifications to Dodd-Frank Could Affect You

On March 30, 2023, the Consumer Financial Protection Bureau issued a Final Rule implementing data collection changes to Section 1071 the Dodd-Frank Act. The Rule covers transactions protected by Reg B. Consistent with Section 1071, “covered financial institutions” are required to collect and report to the CFPB data on applications for credit for small businesses, including businesses owned by women, minorities, and businesses owned by members of the LBGTQ community.

It’s important to understand key definitions of terms used in the Rule:

Covered financial institution. Consistent with language in Section 1071, a “covered financial institution” is any of a variety of entities engaged in small business lending and in fact, any financial activity, and includes banks, credit unions, savings associations, online lenders, platform lenders, and CDCs, both depository and nondepository. Additionally, a covered financial institution is one that handled at least 100 applications for credit for a small business in each of the two preceding calendar years, 2022 and 2023.

Small Business. The Rule uses SBA’s definition of a small businesses but employs its own size standard, based solely on whether the business had $5 million or less in gross annual revenue for its preceding fiscal year. This will be updated every five years.

Application; Applicant. We’ve already had questions about this one. The Rule applies to applications for credit for a small business. See page 2 under “Scope.: It does not say, “originations.” Additionally, 12 CFR 1002.2 states that an application is an oral or written request for an extension of credit that is made in accordance with procedures used by a creditor for the type of credit requested. So an “application” doesn’t have to be in writing. However, the Rule does distinguish “applications” from such things as “inquiries and prequalification requests.”

Compliance Dates.  Compliance dates in the Final Rule are tiered: October 1, 2024; April 1, 2025; or January 1, 2026, as set forth in § 1002.114(b)

Other Need-to-Know Info. Importantly, the Rule implements “firewalls” designed to shield certain demographic data from underwriters, and specifies that collected data must come from the applicants, not from hearsay or third parties.

Other data to be collected include:

  • the credit product; types of guarantees; loan term; credit purpose; amount applied for
  • applicant’s business census tract; gross annual revenue for the applicant’s preceding full fiscal year; the 3-digit NAICS; the number of workers that the applicant has; the applicant’s time in business; the number of principal owners the applicant has
  • ethnicity, race, and sex of the applicant’s principal owners.’

Questions? Give me a call.

Richard Jeffrey
Senior Associate