latest-news-headlines Market Intelligence /marketintelligence/en/news-insights/latest-news-headlines/banks-foresee-compliance-challenges-as-new-cfpb-loan-reporting-rules-approach-74921349 content esgSubNav
In This List

Banks foresee compliance challenges as new CFPB loan reporting rules approach

Blog

Banking Essentials Newsletter: September 18th Edition

Blog

Navigating the New Canadian Derivatives Landscape: Key Changes and Compliance Steps for 2025

Loan Platforms: Securing settlement instructions and prioritising the user experience

Blog

Getting an Edge with Services: Driving optimization by embracing technological innovation


Banks foresee compliance challenges as new CFPB loan reporting rules approach

Banks are bracing for impending rules that will require complex data collection on small-business loan applications.

The Consumer Financial Protection Bureau will issue rules by March 31 requiring banks to disclose granular information on applications for credit from small and medium-sized businesses as required by Section 1071 of the Dodd-Frank Act. The issue has been highly controversial since the CFPB unveiled the proposed guidance in September 2021, and financial institutions have raised dozens of concerns in letters to the agency.

Banks would have to collect and report a broad new range of data to the government on business loan applications, creating concerns about compliance and data privacy. As part of the rules, banks may be required to collect information as to whether the small business is minority- or women-owned, and the ethnicity, race and sex of at least one principal of the business. Such an undertaking could prove particularly hard for smaller banks.

Collecting such data "would just be very difficult to do. Applicants typically don't show up in person," Troutman Pepper partner Lori Sommerfield said in an interview. "They're often applying through online mechanisms. So if they choose not to provide that data, how is the lender going to collect that information?"

SNL Image

Challenges abound

The rules would require financial institutions with at least 25 "covered credit transactions" in each of the preceding two calendar years to provide the CFPB with granular data on business loan applications, including the method of application, its submitter and the action taken on the application. Financial institutions would also have to collect a broad range of data from applicants themselves including the type, intended use and amount of the credit sought. Covered credit transactions include credit to businesses through loans, lines of credit, credit cards and merchant cash advances.

But perhaps the most controversial part of the proposed rules is related to the collection of demographic data.

"There's going to be a lot of information available about small-business loans and credit that's available publicly that was not available before," Tori Shinohara, a partner at law firm Mayer Brown, said in an interview.

The potential complexity of the rules is especially concerning to smaller banks.

"For clients who are not large financial institutions ... this is a completely foreign concept, in terms of how to set up a structure to collect and report data from applicants. All of this is a brave new world," Shinohara said in an interview. "One of the biggest issues is that small-business lending is very different from consumer lending."

SNL Image

Banks are also concerned about timing since the anticipated rule would be effective 90 days after publication in the Federal Register, with compliance required 18 months after that publication.

"Eighteen months ... is a very short time when you consider all of the different processes, both on the operational side and the technology side," said Olivia Kelman, practice group coordinator for the financial institutions and services litigation group at law firm K&L Gates.

That also raises staffing issues, Kelman noted.

"Ensuring that your institution is going to have people [and] that you're going to be able to staff on this data collection and reporting project is going to be important," she said.

Given all the potential challenges, banks are eager for specific guidance on procedures for data collection.

"Banks will be very interested in receiving some additional guidance in the final rule concerning the types of procedures they could maintain to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response," said Eamonn Moran, senior counsel at Norton Rose Fulbright and a former CFPB official.

At a hearing in April 2022, CFPB Director Rohit Chopra said he is "sensitive" to the concerns and the agency is doing its best to write rules that will not negatively impact lenders, particularly smaller banks.

Opening banks up to more scrutiny

As proposed, the CFPB would remove information from the database that it believes could be used to track back to individual applicants. Then, it would publish a higher-level data file available for the public to review.

Banks are worried that the release of such information could land them in hot water through regulatory enforcement actions or lawsuits from consumer groups.

"The data is going to be used by both regulators and private plaintiffs, such as consumer advocacy groups, who are going to begin analyzing that data and drawing their own conclusions from it," Troutman Pepper's Sommerfield said. "So covered financial institutions are going to be subject not only to litigation but potentially enforcement actions from regulators other than the CFPB."