The Consumer Financial Protection Bureau (CFPB) has released a compliance guide for the final rule implementing section 1071 of the Dodd-Frank Act. This rule requires financial institutions to collect data on small business lending. Small businesses are defined as those with gross revenues of less than $5 million in the previous fiscal year. The data collected must be provided to the Bureau.
The compliance guide provides a detailed overview of the final rule’s requirements, including reporting deadlines. It also outlines the types of data that financial institutions must collect and report on small business loan applications and decisions. Additionally, the guide includes parameters of Intended Authority and Intended Origin.
The data points to be reported are broken down and the guide explains the “firewall” clause of the final rule. Under this provision, employees and officers of a financial institution or its affiliates who are “involved in the decision” of a reportable application are generally prohibited from accessing the applicant’s demographic information. This includes information on ethnicity, race, gender, minority-owned, women-owned, or LGBTQI+-owned business status. However, some exceptions may apply to situations where employees involved in decision-making need access to data to perform their assigned functions, such as loan officers or loan processors.
The guide stipulates that in such circumstances, financial institutions must inform applicants that their employees and officers involved in decision-making may have access to their demographic data.