The Consumer Financial Protection Bureau (CFPB) has published Small Entity Compliance Guidance (the “Guidance”) covering amendments to the Equal Credit Opportunity Act (ECOA) and Regulation B implementing the Dodd-Frank Section 1071 requirements. These amendments require financial institutions to compile and report certain information regarding certain business credit applications, as discussed in the blog. The guidance includes a detailed summary of the final rule’s requirements and examples that explain how the requirements should be applied to typical facts. The guide includes discussions of key definitions, reportable data points, data collection guidelines, creating an employee firewall, and data management once compiled.
Some of the clarifications are intended to help financial institutions understand the scope of the Act. The guidance includes some examples not found in the final rule or comment. For example, the guidance describes how to determine whether a financial institution meets the criteria to be a “covered financial institution.”
example. By 2025, the lender will receive 110 covered applications from small businesses and generate 98 covered originations. By 2026, the lender will receive 120 covered applications from small businesses and generate 102 covered originations. The lender is not a covered financial institution for 2027 because it did not create at least 100 covered sources in 2025.
In addition, the guidance reiterates some of the same clarifications and clarifications found in the final rule regarding the reporting of certain data points. For example, both the comment and the guidance in the final rule provide information to meet the requirement to report the “date of action.”
“For origination applications, the covered financial institution generally reports the closing or account opening date. If the payment is made on a day after the closing or opening date, the covered financial institution may, as an alternative, use the first payment date. A covered financial institution, for example, should develop procedures for how to report this date across different circumstances, products or segments, and be consistent across the board in its reporting.
In the final rule and guidance, the Bureau clarifies the employee firewall requirement and lists examples of the activities involved in making a credit decision, subjecting the employee to the firewall. For example, the following activities, among other things, involve decision-making and the employee is prohibited from obtaining certain demographic information from small business applicants under the final rule: Recommends that another decision-maker approve or deny a separately reportable application. provides a specific reason for rejecting a reportable application, requires collateral or security to approve a reportable application, approves a loan amount or credit limit for a covered credit transaction, imposes one or more conditions on a covered credit transaction, offers a countervailing offer in respect of a reportable application, or Set a specific term for the type of return.
In the final pages, the guide discusses recommendations for determining the financial institution’s compliance date level. The compliance date of the financial institution is based on the number of covered originations made in 2022 and 2023. If the office cannot identify the exact number, it offers a few ideas to estimate the number of covered transactions. These suggestions include:
- Requiring each eligible covered credit transaction applicant to self-report, prior to closing, gross annual revenue of $5 million or less for the preceding fiscal year between October 1 and December 31, 2023. The financial institution may apply the annual number of transactions to both calendar years 2022 and 2023 by quadrupling the number of covered credit transactions originated for small businesses from October 1 to December 31, 2023.
- Each Covered Loan Transaction originated for a small business to commercial customers during the 2022 and 2023 calendar years.