On Sept. 14, 2023, the CFPB issued updates to its FAQs to assist small business lenders and finance companies with complying with the final Small Business Lending Rule (the Rule) mandated by section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The FAQs to the Rule cover the following topics: institutional coverage; covered credit transactions; definition of a small business; firewall; record retention.

The FAQs provide guidance on topics important for determining a financial institution’s compliance with the Rule, including coverage of institutions and transactions. The updated FAQs also enhance answers regarding the types of transactions included to satisfy the origination threshold, exclusions to transactional coverage, the determination of small business revenue for inclusion under the Rule, explanation of the firewall prohibiting certain employees and officers of covered financial institutions from accessing demographic information obtained from applicants, and record retention requirements.
 
History of the Rule

Issued in March 2023, the Rule requires covered financial institutions to collect and report data on small business loan applications, including applications from minority- and women-owned small businesses. The Rule creates new compliance obligations and requires lenders to make operational changes.

On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the Rule in Texas Bankers Ass'n, et al. v. CFPB, et al. That order stays all deadlines for compliance with the Rule for plaintiffs and their members in that case. Banks that are not plaintiffs, members of the Texas Bankers Association, or non-bank small business lenders should continue to comply, or prepare to comply, with the Rule. The injunction remains in place until the U.S. Supreme Court issues an order in the CFSA v. Consumer Financial Protection Bureau case (51 F.4^th 615 (5^th Cir. 2022)), in which the Fifth Circuit held that the CFPB’s funding structure contradicts the Constitution’s Appropriations Clause. The Supreme Court will hear oral arguments in the case next month.

Key Takeaways

• Refinancings Counted. Financial institutions must include refinancings in their tally of covered originations, provided the refinancing replaces an existing obligation for the same borrower and is a covered credit transaction made to a small business. The determination if an existing obligation has been replaced depends on the contract and state law.
   
• Letters of Credit Are Not Covered. Generally, a letter of credit is an instrument a bank issues that promises, upon presentation of certain documents and/or satisfaction of certain conditions, to direct payment to a beneficiary of the instrument. Letters of credit are often presented by buyers of goods who seek to postpone payment until their goods have been received. Some letters of credit are secured by a promissory note and are converted if the customer fails to pay. The issuance of such letters of credit are not extensions of credit.
   
• Trade Credit Exclusions. The Rule does not cover trade credit. However, a financial transaction is not considered trade credit if a bank, credit union, or financing company provides a loan for purchasing goods or services, even if the financing company has affiliations with the retailer.
   
• Firewall Provisions. The FAQs clarify the “firewall” provision, which restricts certain employees and officers of covered financial institutions from accessing demographic information gathered from small business applicants, and outlines exceptions to the Rule that require notice to the affected small business applicant(s).
   
• Record Retention Guidelines. Covered financial institutions must retain evidence of compliance, including their small business lending application register, for a minimum of three years post-submission to the CFPB. Demographic information must be kept separately.

The Rule creates new compliance obligations and requires lenders to make operational changes, to the extent not already done. The Rule also requires that data be published that regulators and class-action plaintiffs’ attorneys might then use to initiate investigations, bring lawsuits alleging federal or state fair-lending law violations, and bring third-party challenges to regulatory approval for proposed mergers and acquisitions. Small business lenders should heed these updates to ensure continuous compliance and make informed decisions in their operations.