The CFPB recently issued compliance guidance for its final rule implementing section 1071 of the Dodd-Frank Act. Pursuant to section 1071, the final rule (issued at the end of March) will require financial institutions to collect and provide the Bureau with data on lending to small businesses, defined as a gross receipts entity. under $5 million in the last fiscal year (covered by InfoBytes here). The guidance: (i) includes a detailed summary of the requirements of the final rule, including data reporting deadlines; (ii) provides comprehensive information on the types of data that financial institutions must collect and report on small business loan applications and decisions; and (iii) includes parameters for covered institutions and covered origins. The guidance further breaks down the reportable data points and explains the final rule’s “firewall” provision, which states that employees and officers of a financial institution or its affiliates “involved in making any decision” about a reportable application are generally prohibited from accessing the applicant’s demographic information. with respect to ethnicity, race, sex, and status as a minority-owned, women-owned, or LGBTQI+ business. The guidance specifies that some exceptions may apply to situations where an employee involved in decision-making needs to have access to the data to fulfill certain job duties (eg, a loan officer or loan processor). In these situations, financial institutions are required to notify applicants that employees and officials involved in decision-making may have access to their demographic data.
