ARTICLE
Compliance Update with Amy K by Amy Kleinschmit, Chief Compliance Officer CFPB – Small Business Lending Data Collection Proposed Rule The Consumer Financial Protection Bureau (CFPB) has issued its proposed rule to implement Section 1071 of the Dodd-Frank Act which will require data collection for small business lending. The 918 page proposed rule can be found here and comments must be received within 90 days after the proposed rule is published in the Federal Register. The CFPB has issued a number of support documents to this proposed rule, including a summary and a chart of the proposed data points which can be found here. A few highlights (more to come as we review this proposed rule) as explained by the CFPB, “rule would create the first comprehensive database of small business credit applications in the United States. This would include critical information about women-owned and minority-owned small businesses to help regulators and the public identify and address fair lending concerns. The database would also enable a range of stakeholders to better identify business and community development needs and opportunities for small businesses, including women-owned and minority-owned small businesses.” The general rule/requirement is that a “covered financial institution” shall compile and maintain data regarding “covered applications” from small businesses. On or before June 1 following the calendar year for which data are compiled and maintained, a covered financial institution shall submit its small business lending application register in the format prescribed by the CFPB. “Covered financial institution” means a financial institution that originated at least 25 “covered credit transactions” for small businesses in each of the two preceding calendar years. For purposes of this definition, if more than one financial institution was involved in the origination of a covered credit transaction, only the financial institution that made the credit decision approving the application shall count the origination. This definition includes - but is not limited to, banks, savings associations, credit unions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies), commercial finance companies, organizations exempt from taxation pursuant to 26 U.S.C. 501(c), and governments or governmental subdivisions or agencies. A financial institution qualifies as a covered financial institution based on total covered credit transactions originated for small businesses, rather than covered applications received from small businesses. For example, if in both 2024 and 2025, Financial Institution B received 30 covered applications from small businesses and originated 20 covered credit transactions for small businesses, then for 2026, Financial Institution B is not a covered financial institution. A “covered credit transaction” includes all business credit, including loans, lines of credit, credit cards, and merchant cash advances. This would include credit transactions for agricultural purposes and those that are also covered by the Home Mortgage Disclosure Act (HMDA). The proposal excludes several types of transactions from this, such as an extension of credit that is secured by 1-4 individual dwelling units that the applicant (or one or more of the applicant’s principal owners) does not, or will not, occupy. In the discussion of the proposed rule, “the Bureau is proposing to define a “small business,” about whose applications for credit data must be collected and reported, by reference to the definitions of “business concern” and “small business concern” as set out in the Small Business Act and Small Business Administration (SBA) regulations. However, in lieu of using the SBA’s size standards for defining a small business concern, the Bureau’s proposed definition would look to whether the business had $5 million or less in gross annual revenue for its preceding fiscal year. The Bureau is seeking SBA approval for its alternate small business size standard pursuant to the Small Business Act.” The rule includes a prohibition on access to certain information that is obtained from the applicant. The proposed rule provides that an employee or officer of a covered financial institution or a covered financial institution’s affiliate shall not have access to an applicant’s responses to inquiries that the financial institution makes regarding whether the applicant is a minority-owned or a women-owned business, and regarding the ethnicity, race, and sex of the applicant’s principal owners, if that employee or officer is involved in making any determination concerning that applicant’s covered application. There is an exception when the financial institution determines that it is not feasible to limit that employee’s or officer’s access to an applicant’s responses to the financial institution’s inquiries AND the financial institution provides a notice required under the proposed rule to the applicant. The proposed compliance date would be 18 months after the final rule is published in the Federal Register. There are 21 data point categories, however, some categories require multiple fields. The reportable data includes: a unique identifier; application date; application method; and application recipient. For the category of credit type, the following information would be required: credit product; guarantees; and loan terms. Additional data points include: amount applied for; amount approved or originated; action taken (originated; approved but not accepted; denied; withdrawn by applicant or incomplete); action taken date; denial reasons; and pricing information. Interest rate would be required to be reported including if the rate is adjustable the margin, index value and index name that is applicable. Total origination charges (paid directly or indirectly by applicant and imposed directly or indirectly by financial institutions) must be reported. Other fees that must be reported include: broker fees; initial annual charges; additional cost for merchant cash advance or other sale-based financings; prepayment penalties. The census tract; gross annual revenue of the applicant; NAICS code; number of workers; time in business; and minority-owned business status or women-owned business status are additional data fields that will be reported. Finally, ethnicity, race and sex of the principal owners and number of principal owners is required to be reported. Attorney Conference for the Non-Attorney Don't have an in-house counsel and don't have the time or resources to keep up with the latest litigation trends? Join us for the “Attorney’s Conference for Non-Attorneys” on September 28, November 10, and January 11. This three-part litigation webinar series will address some of the most pressing legal and compliance risks for credit unions along with overall risk mitigation strategies to help protect credit unions. Each session is only $25, be sure to reserve your seat now. You’ll learn from lawyers with expertise working with credit unions, made possible thanks to our sponsor Husch Blackwell and the collaborative efforts of the Minnesota Credit Union Network, Heartland Credit Union Association, Illinois Credit Union League, Iowa Credit Union League, Montana Credit Union League, Dakota Credit Union Association, Nebraska Credit Union League, and Wisconsin Credit Union League. The first session on Tuesday, September 28, 2021, will focus on class actions. Registration is now open and can be found here: Attorney Conference for the Non-Attorney: Session 1 - Class Actions Litigation and class actions can have a harmful impact on credit unions. This session provides an overview of trending class action developments along with information on how credit unions can protect themselves from the latest legal theories being asserted by plaintiffs, lawyers, and regulators. The following class action trends will be discussed: Overdraft/non-sufficient fund (NSF) fees; Guaranteed asset protection (GAP) insurance; Telephone Consumer Protection Act; and Foreign transaction fees. Infosight Highlight The following RISK Alerts were added to the Resources area during the month of August: Labor Shortage Leads to Currency Shipment Delay (8/17/2021) Requiring Employee Vaccinations? (8/17/2021)** (highlighted below) Catalytic Converter Thefts: A Growing Trend for Credit Unions (8/10/2021) Wage and Hour Regulations Motivate Class Action Lawsuits (8/10/2021) *With the spread of variants of COVID-19, a unique situation has been created for businesses that have begun the transition back to in-person work. Employers are considering whether they should require the vaccinations for their staff. The Equal Employment Opportunity Commission (EEOC) has issued guidance stating that employers are allowed to mandate COVID-19 vaccinations for in-person employees (barring medical or religious reasons), but it can be a sensitive issue. Credit union leaders should follow key communication fundamentals when sharing their decision about getting vaccinated. Many RISK Alerts are also added to applicable channels (e.g., COVID-19 – Coronavirus, Employment, Security), so you can find them there as well. CU Policy Pro Highlight Reminder – there were two content updates this summer (June and August), so now is a great time to take a look if you haven’t reviewed those changes yet. Log in to CU PolicyPro and access the Support or Resources areas to find more information on which policies were impacted and what your credit union needs to do next. There is also a recorded video webinar, available in the Training Videos section of the Support area, that walks through the entire content update process. Also, there are new publishing features in CU policy pro! A new publishing option at the policy level allows users to choose the “Current” or “Last Published Version” of a policy for their published manuals. There is also a new multi-policy selection option allows users to select the publishing option for multiple policies at one time. When publishing, an indicator icon will show which policies are set to “Use Last Published Version.” Additional text can be added to the title page and the table of contents at the beginning of each chapter can be hidden. Finally, deleted published manuals can now be restored. Find more details on how to use these updated features here: Publishing InfoSight Updates As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.
Compliance Update with Amy K
by Amy Kleinschmit, Chief Compliance Officer
CFPB – Small Business Lending Data Collection Proposed Rule
The Consumer Financial Protection Bureau (CFPB) has issued its proposed rule to implement Section 1071 of the Dodd-Frank Act which will require data collection for small business lending. The 918 page proposed rule can be found here and comments must be received within 90 days after the proposed rule is published in the Federal Register.
The CFPB has issued a number of support documents to this proposed rule, including a summary and a chart of the proposed data points which can be found here.
A few highlights (more to come as we review this proposed rule) as explained by the CFPB, “rule would create the first comprehensive database of small business credit applications in the United States. This would include critical information about women-owned and minority-owned small businesses to help regulators and the public identify and address fair lending concerns. The database would also enable a range of stakeholders to better identify business and community development needs and opportunities for small businesses, including women-owned and minority-owned small businesses.”
The general rule/requirement is that a “covered financial institution” shall compile and maintain data regarding “covered applications” from small businesses. On or before June 1 following the calendar year for which data are compiled and maintained, a covered financial institution shall submit its small business lending application register in the format prescribed by the CFPB.
“Covered financial institution” means a financial institution that originated at least 25 “covered credit transactions” for small businesses in each of the two preceding calendar years. For purposes of this definition, if more than one financial institution was involved in the origination of a covered credit transaction, only the financial institution that made the credit decision approving the application shall count the origination.
This definition includes - but is not limited to, banks, savings associations, credit unions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies), commercial finance companies, organizations exempt from taxation pursuant to 26 U.S.C. 501(c), and governments or governmental subdivisions or agencies.
A financial institution qualifies as a covered financial institution based on total covered credit transactions originated for small businesses, rather than covered applications received from small businesses. For example, if in both 2024 and 2025, Financial Institution B received 30 covered applications from small businesses and originated 20 covered credit transactions for small businesses, then for 2026, Financial Institution B is not a covered financial institution.
A “covered credit transaction” includes all business credit, including loans, lines of credit, credit cards, and merchant cash advances. This would include credit transactions for agricultural purposes and those that are also covered by the Home Mortgage Disclosure Act (HMDA). The proposal excludes several types of transactions from this, such as an extension of credit that is secured by 1-4 individual dwelling units that the applicant (or one or more of the applicant’s principal owners) does not, or will not, occupy.
In the discussion of the proposed rule, “the Bureau is proposing to define a “small business,” about whose applications for credit data must be collected and reported, by reference to the definitions of “business concern” and “small business concern” as set out in the Small Business Act and Small Business Administration (SBA) regulations. However, in lieu of using the SBA’s size standards for defining a small business concern, the Bureau’s proposed definition would look to whether the business had $5 million or less in gross annual revenue for its preceding fiscal year. The Bureau is seeking SBA approval for its alternate small business size standard pursuant to the Small Business Act.”
The rule includes a prohibition on access to certain information that is obtained from the applicant. The proposed rule provides that an employee or officer of a covered financial institution or a covered financial institution’s affiliate shall not have access to an applicant’s responses to inquiries that the financial institution makes regarding whether the applicant is a minority-owned or a women-owned business, and regarding the ethnicity, race, and sex of the applicant’s principal owners, if that employee or officer is involved in making any determination concerning that applicant’s covered application. There is an exception when the financial institution determines that it is not feasible to limit that employee’s or officer’s access to an applicant’s responses to the financial institution’s inquiries AND the financial institution provides a notice required under the proposed rule to the applicant.
The proposed compliance date would be 18 months after the final rule is published in the Federal Register.
There are 21 data point categories, however, some categories require multiple fields. The reportable data includes: a unique identifier; application date; application method; and application recipient. For the category of credit type, the following information would be required: credit product; guarantees; and loan terms. Additional data points include: amount applied for; amount approved or originated; action taken (originated; approved but not accepted; denied; withdrawn by applicant or incomplete); action taken date; denial reasons; and pricing information. Interest rate would be required to be reported including if the rate is adjustable the margin, index value and index name that is applicable. Total origination charges (paid directly or indirectly by applicant and imposed directly or indirectly by financial institutions) must be reported. Other fees that must be reported include: broker fees; initial annual charges; additional cost for merchant cash advance or other sale-based financings; prepayment penalties. The census tract; gross annual revenue of the applicant; NAICS code; number of workers; time in business; and minority-owned business status or women-owned business status are additional data fields that will be reported. Finally, ethnicity, race and sex of the principal owners and number of principal owners is required to be reported.
Attorney Conference for the Non-Attorney
Don't have an in-house counsel and don't have the time or resources to keep up with the latest litigation trends? Join us for the “Attorney’s Conference for Non-Attorneys” on September 28, November 10, and January 11. This three-part litigation webinar series will address some of the most pressing legal and compliance risks for credit unions along with overall risk mitigation strategies to help protect credit unions. Each session is only $25, be sure to reserve your seat now.
You’ll learn from lawyers with expertise working with credit unions, made possible thanks to our sponsor Husch Blackwell and the collaborative efforts of the Minnesota Credit Union Network, Heartland Credit Union Association, Illinois Credit Union League, Iowa Credit Union League, Montana Credit Union League, Dakota Credit Union Association, Nebraska Credit Union League, and Wisconsin Credit Union League.
The first session on Tuesday, September 28, 2021, will focus on class actions. Registration is now open and can be found here:
Attorney Conference for the Non-Attorney: Session 1 - Class Actions
Litigation and class actions can have a harmful impact on credit unions. This session provides an overview of trending class action developments along with information on how credit unions can protect themselves from the latest legal theories being asserted by plaintiffs, lawyers, and regulators. The following class action trends will be discussed: Overdraft/non-sufficient fund (NSF) fees; Guaranteed asset protection (GAP) insurance; Telephone Consumer Protection Act; and Foreign transaction fees.
Infosight Highlight
The following RISK Alerts were added to the Resources area during the month of August:
Labor Shortage Leads to Currency Shipment Delay (8/17/2021)
Requiring Employee Vaccinations? (8/17/2021)** (highlighted below)
Catalytic Converter Thefts: A Growing Trend for Credit Unions (8/10/2021)
Wage and Hour Regulations Motivate Class Action Lawsuits (8/10/2021)
*With the spread of variants of COVID-19, a unique situation has been created for businesses that have begun the transition back to in-person work. Employers are considering whether they should require the vaccinations for their staff.
The Equal Employment Opportunity Commission (EEOC) has issued guidance stating that employers are allowed to mandate COVID-19 vaccinations for in-person employees (barring medical or religious reasons), but it can be a sensitive issue. Credit union leaders should follow key communication fundamentals when sharing their decision about getting vaccinated.
Many RISK Alerts are also added to applicable channels (e.g., COVID-19 – Coronavirus, Employment, Security), so you can find them there as well.
CU Policy Pro Highlight
Reminder – there were two content updates this summer (June and August), so now is a great time to take a look if you haven’t reviewed those changes yet. Log in to CU PolicyPro and access the Support or Resources areas to find more information on which policies were impacted and what your credit union needs to do next. There is also a recorded video webinar, available in the Training Videos section of the Support area, that walks through the entire content update process.
Also, there are new publishing features in CU policy pro! A new publishing option at the policy level allows users to choose the “Current” or “Last Published Version” of a policy for their published manuals. There is also a new multi-policy selection option allows users to select the publishing option for multiple policies at one time. When publishing, an indicator icon will show which policies are set to “Use Last Published Version.” Additional text can be added to the title page and the table of contents at the beginning of each chapter can be hidden. Finally, deleted published manuals can now be restored.
Find more details on how to use these updated features here: Publishing InfoSight Updates
As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.