The Dodd-Frank Act brought about many changes to banks’ lending operations, as we all know. Increased transparency of banks’ lending operations was one of Congress’ goals when passing the Act; one aspect of this objective, increasing the types of applications and data reported under the Home Mortgage Disclosure Act (HMDA), has already been accomplished, with new requirements kicking in for 2018.

Dodd-Frank also included a brand-new data collection and reporting requirement under ECOA for small-business and minority- and women-owned business applications and loans. In practice, this will feel very HMDA-like. The statutory requirement (found in Dodd-Frank Act Section 1071) will be implemented by a new subsection in Regulation B to be written by the Consumer Financial Protection Bureau (Bureau), which has regulatory authority over ECOA.

Some question why a commercial loan data collection and submission requirement will be written into Reg. B. But remember that ECOA and Reg. B never covered only consumer lending; it is just as problematic to discriminate on a prohibited basis in a commercial transaction as it is in a consumer one. Others ask why the Consumer Financial Protection Bureau was granted oversight over a commercial loan rule. But that’s the way Congress amended the statute, and since the Bureau has oversight over it, that’s the agency who will write it.

The Bureau has already publicized its interest in commercial lending, especially small business lending. In a blog post on April 14, 2017, announcing the Bureau’s fair lending priorities for 2017, Patrice Ficklin, the CFPB’s Assistant Director of Fair Lending & Equal Opportunity, wrote:

In establishing the Bureau, Congress expressed concern that women-owned and minority-owned businesses may experience discrimination when they apply for credit, and has required the CFPB to take steps in ensuring their fair access to credit. Because small businesses are the backbone of our economy, we are focusing on how to make sure small business owners, including women-owned and minority-owned businesses, can better access lending.

Clearly commercial lending is on the Bureau’s mind. But there is some doubt as to whether this new regulation will become a reality. Why? For one, the Creating Hope and Opportunities for Investors, Consumers, and Entrepreneurs (CHOICE) Act, which passed the U.S. House of Representatives in May 2017, would eliminate Section 1071 in its entirety. Note that the CHOICE Act has not yet passed the Senate, and there are no guarantees it will do so. Even if it does, it is highly likely it will be in a completely different form than what we see now, and 1071 may indeed survive. And that’s not even speaking to the chances for a reconciled bill to be signed into law. It is an uphill battle on the Congressional front.

Secondly, some question whether a change in the Bureau’s leadership would cause a slowdown, or outright halt, to new regulation, including this one. How likely is this? No one really knows. But in the meantime the Bureau started the regulatory process, also in May, by issuing a Request for Information Regarding the Small Business Lending Market, along with a White Paper on the key dimensions of the small business lending landscape. The Bureau is “focused on outreach and research to develop our understanding of the small business lending market,” which will help them formulate the specifics of the rule.

In response to requests from a number of industry trade associations, the Bureau extended the comment period by 60 days, reflecting that this is indeed a hot topic. The Bureau is also looking for feedback on the privacy implications of making this type of information public.

It would be extremely risky to assume a rule will never appear, so in the meantime banks should do some homework to investigate what they may have to do. So when this new regulation is written, what will it look like? Like other rulemaking initiatives in the Dodd-Frank Act, the Bureau has discretion to craft the regulation, including exceptions, as it generally sees fit. But we can look to the statutory language to get a general idea of what is coming.

A New “LAR” Loan Application Register): Business Loan Data Collection and Submission

Note that this new requirement will be completely separate from the data collection and reporting requirements of both HMDA and the Community Reinvestment Act (CRA); however there may be some applications and/or loans that are reported under more than one regulation.

Who Will Be Covered?

The new requirements apply to “financial institutions,” as that term is defined in the ECOA amendments. It’s a broader definition than what is found in the CRA, for instance, but suffice it to say that all banks are included, as “engages in financial activity” is the key determinant for coverage.

However, the Bureau is given the authority (“by rule or order”) to adopt exemptions to any class of financial institution “as the Bureau deems necessary or appropriate to carry out the purpose of this section.”[1]  It remains to be seen whether the Bureau will enact exemptions similar to those in HMDA (dependent a bank’s asset size, loan volume, etc.), or any at all.

For What Applications and Loans Will Information be Collected and Submitted?

According to the statute, lenders will be required to collect and report data for “any application to a financial institution for credit for women-owned, minority-owned, or small business.”[2] What precisely is covered here?

Application. The rule requires reporting of applications for covered loans, not just originated loans, just as HMDA does. There is no definition of “application” in the Dodd-Frank Act’s ECOA amendments, but since this will be part of Reg. B, we can look there: “Application means an oral or written request for an extension of credit that is made in accordance with procedures used by a creditor for the type of credit requested.”[3]

Commercial lenders commonly have no specific application procedures, especially for larger loans. So what must be developed internally in banks; in other words, what will constitute a reportable application? Reg. B’s commentary provides some assistance:

The term “procedures” refers to the actual practices followed by a creditor for making credit decisions as well as its stated application procedures. For example, if a creditor’s stated policy is to require all applications to be in writing on the creditor’s application form, but the creditor also makes credit decisions based on oral requests, the creditor’s procedures are to accept both oral and written applications.[4]

Many times commercial loans are initiated by oral requests, and those would clearly constitute applications under the regulation. But when is the actual “request for” credit made? It’s often hard to pin that down precisely, but the statute requires “the date on which the application was received” to be submitted. This time before a regulation is finalized should be used to determine what the bank’s commercial lenders actually do, and to dig deep into processes to determine an application date for reportable commercial loans. Compliance officers must be sure to cast a wide net to catch all reportable instances of credit requests for covered loan types.

Loan. The definition of a covered “loan” includes both closed-end loans and open-end lines of credit, whether secured or not. The statute is broad, although the Bureau may narrow it down.

“Minority” includes “any Black American, Native American, Hispanic American, or Asian American.”[5]

Minority-owned business and women-owned business. These terms have the same basic requirement: more than 50% of the ownership of control of the business is held by one or more minority individuals or women, or more than 50% of the net profit or loss accrues to one or more minority individuals or women. (Note the Bureau will have to delineate how to report an application made to a business owned or controlled by minority women – is it reported as both, for example?)

Note that the definition of a covered minority-owned or women-owned business loan is not dependent on the size of the business. A loan can be to a minority- or women-owned business even though the business isn’t a “small business.” In other words, loans to minority- or women-owned large businesses will be covered.

Small business loan. This is defined simply as “a loan made to a small business.”[6] Well, that doesn’t really help – tell me what a “small business” is then. According to the statute, a “small business” means the same as the term “small business concern” in the Small Business Act.

Ask anyone who deals with Small Business Association (SBA) loans, and they’ll tell you how complicated the determination of what a small business is can be. Generally to qualify as a “small business concern” to the SBA, there are limitations on the number of employees and average annual receipts, and they differ depending on the type of industry. There are a number of exceptions. Turning all commercial lenders (and compliance personnel) into SBA experts would be difficult.

Many bankers have requested the Bureau follow the small business definition in the Community Reinvestment Act (CRA), or perhaps make it flexible depending on the institution’s practices. There are banks that have undergone fair lending examinations on small business lending, and for the most part regulators have asked the banks what they consider a small business to be.

Also note that the term “small” refers to the size of the business, not the size of the loan. This again is similar to the CRA. Thus a large loan to small business would be covered, but a small loan to a large business would not (unless that large business was women- or minority-owned).

It is presently unknown what the Bureau will do, but it will be important for it to clearly delineate what will constitute a covered small business under the regulation.

It will therefore be critical for banks to identify which businesses, applications, and loans qualify under these definitions. How to do this? Simple – ask the applicant questions. Fortunately the statute calls for the Bureau to develop and provide assistance to banks in determining whether an applicant is a small business or minority- or women-owned business. But in any case, this will call for procedures to be developed and/or refined for all commercial loan officers.

Asking for the Information: Scripting

The requirement is simple: “the financial institution shall…inquire whether the business is a women-owned, minority-owned, or small business.”[7] This is the case whether the application is received in person, over the phone, by mail, electronically, or otherwise. It also does not matter whether or not the application was received in response to a solicitation from the bank.

Subject to what the Bureau does when issuing its regulations, due to the definitions being drafted the way they are, it will be necessary to ask every commercial loan applicant about the status of the business (since again even large businesses could be covered if minority- or women-owned). What happens if the applicant doesn’t know? Since there is no verification requirement in the statute, presumably your commercial loan officers can take applicants at their word, but the Bureau hopefully will clarify when they draft the regulation.

An applicant may refuse to answer the question with no adverse consequences to the credit application. Responses must be retained by the bank for at least three years, but this and all other information collected as part of this requirement must be kept separate from the application and any accompanying information so that it will not influence the credit decision in any way.

No underwriter access. The statute makes clear that bank employees having decision-making authority should not be allowed access to the applicant’s response to the questions regarding the type of business (or other demographic information).

But the statute also recognizes that in certain cases it may be necessary for a decision-maker to see the information (the rule talks about where a bank determines the person “should have access”) or where it’s just not feasible to clearly separate it for whatever reason. In these cases, the bank must provide notice to the applicant that access is being allowed along with the fact that the bank may not discriminate on the basis of the information provided.

All this will require careful scripting for commercial loan officers (who again aren’t used to regulatory requirements for applications) for virtually all commercial loans. They must know what questions to ask, when to ask them, and where to record the information. Again, very HMDA-like.

What Information Will be Collected and Submitted?

For a covered small business or minority- or women-owned business loan application, the statute requires the following information be compiled by the bank:

• Application number and date received;
• Type and purpose of the credit being applied for;
• Amount of credit or credit limit applied for and the amount approved;
• Type and date of action taken on the application;
• Census tract of the applicant’s principal place of business;
• Gross annual revenue of the business during its previous fiscal year before application;
• Race, sex, and ethnicity of the principal owner(s) of the business; and
• Any other information the Bureau deems necessary.

Note again the wild card last point – this may not be a complete list of data, if the Bureau believes additional information would fulfill the purposes of the statute.

The record of required information retained by the bank may not include any personally identifiable information of the applicant (such as name, phone number, email address, or specific address other than census tract information). Again this requires the records be kept separate from the application or other accompanying information.

Submission and Publicly Available Data

 The statute requires annual reporting of the information to the Bureau, but the details of the submission requirement (when, how, format, etc.) await Bureau regulation-writing.

Availability. Banks must make the information available to any member of the public upon request, in a form the Bureau will specify. The Bureau will also make the information available to the public, but will use discretion to delete or modify any publicly available data in the interest of privacy. It may also compile aggregate data for its own use (read: research and/or fair lending analysis) and make these compilations available to the public as well. Sound familiar?

Fair Lending Impact

This whole process sounds very HMDA-like, doesn’t it? Ask questions of applicants, record information about the application and the applicant, submit it to a regulator, and make information publicly available. That’s on purpose, as the ultimate reason for this new requirement is stated right in the first section of the ECOA amendment:

The purpose of this section is to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.[8]

Just like HMDA, this information will be utilized to ensure fair lending laws and regulations are followed. The regulatory agencies (along with community groups and the public) will be provided with new hard data on where some commercial applications and loans came from and what the characteristics of the applicants and borrowers are.

This will be much more than an operational requirement. Count on this information being crunched much like HMDA data is today, with statistical and regression testing being performed by regulators and community groups alike. The examination process will also likely be very HMDA-like, with data integrity, distributions, disparities, and file reviews being chosen as focal points in future fair lending exams. As mentioned above, regulators are already conducting commercial fair lending examinations.

For banks, analyzing small business lending will be easier since there will be data on both minority- and non-minority loans. Right now proxy data must be created, which is inherently unreliable. But since demographic data will be available, reliable comparisons (through disparities, comparative file review, regression, and so forth) can be made. It will be more difficult for women- and minority-owned larger businesses, since data will be collected only for them and not for control group applications and loans (to male- or nonminority-owned larger businesses).

But in the end, this means the bank’s responsibilities will be much like HMDA: know your data and know your bank’s small business, minority-owned business, and women-owned business situation.


The operational requirements of these new rules will be difficult to implement, especially since there are few regulatory requirements (especially like this) in the commercial loan environment. Some lenders are likely to resist due to the time and hassle involved, with no associated value added. And it’s never easy to institute a brand-new set of information collection requirements anywhere, with system and technology hurdles to overcome.

It’s in each bank’s best interests to start the planning process now. We have a very good idea what is coming (at least the big picture items) and since we don’t know whether the implementation period will be long or short, better to start now. Ask yourself the following questions:

• Do you have an application for small business loans? For larger commercial loans?
• What is your definition of a “small business”?
• Are you able to identify an application date?
• Where might the required data points come from? Do you collect them now? If not, what system or technology work will need to be done to get them?
• Where will you store the required data items, and can you keep them separate from other data?
• Will you be able to overcome any cultural obstacles to these requirements within the bank?
• Do you have the capabilities to analyze commercial fair lending data?

There is always the chance this section of Dodd-Frank could be eliminated by Congress, or the Bureau could take an extremely long time to implement it into a regulation. But don’t forget the ultimate reason we have these new requirements: regulators are concerned about fair lending risk in commercial lending.

Incorporate analysis of this new data into your fair lending program as soon as you’re required to start collecting it. Don’t wait for the examiners to tell you that you have a fair lending issue with your commercial loans.

[1] Dodd-Frank Act section 1071(a), adding ECOA section 704B(g)(2), (12 USC 1691 et. seq.).
[2] Dodd-Frank Act section 1071(a), adding ECOA section 704B(b), (12 USC 1691 et. seq.).
[3] 12 CFR 202.2(f)
[4] Comment 2 to 12 CFR 202.2(f)
[5] Dodd-Frank Act section 1071(a), adding ECOA section 704B(h)(4), (12 USC 1691 et. seq.), referencing section 1204(c)(3) of the Financial Institution Reform, Recovery, and Enforcement Act of 1989.
[6] Dodd-Frank Act section 1071(a), adding ECOA section 704B(h)(3), (12 USC 1691 et. seq.).
[7] Dodd-Frank Act section 1071(a), adding ECOA section 704B(b)(1), (12 USC 1691 et. seq.).
[8] Dodd-Frank Act section 1071(a), adding ECOA section 704B(a), (12 USC 1691 et. seq.).