On May 16, the U. S. Supreme Court, in a 7-2 ruling, held that the Consumer Financial Protection Bureau’s funding mechanism does not violate the Appropriations Clause of the U.S. Constitution.
The decision is a win for the Consumer Financial Protection Bureau (CFPB)’s regulatory agenda, including for the Bureau’s Section 1071 Small Business Data Collection Rule.
Section 1071 requires covered financial institutions to collect and report certain data on certain credit transactions with small businesses. These are defined as businesses with revenues under $5 million. These transactions include loans, lines of credit, credit cards and merchant cash advances. Factoring, true leases, trade credits and certain other transactions are excluded.
After the CFPB issued a final rule in March 2023, several trade associations challenged the rule in federal court in the Southern District of Texas. This lawsuit was stayed pending the Supreme Court’s decision.
With the ruling erasing any uncertainty over its constitutionality, the CFPB may now move forward with its aggressive regulatory agenda. But where does that leave the status of 1071?
Compliance deadlines on horizon
In Texas Bankers Association, et al. vs. CFPB, et al., the federal lawsuit that is the furthest along, the plaintiff trade associations filed a motion for summary judgment, requesting the court dispense with a trial and immediately bar enforcement of Section 1071. The trade associations argued that the bureau had overstepped its authority in promulgating the rule and rushed to finalize it.
The rule, plaintiffs argue, requires lenders to collect a significant amount of data, even when borrowers decline to provide it. Plaintiffs also argue that the rule constitutes a large and costly compliance burden that is likely to cause negative downstream effects for banks and small businesses alike, leading to reduced access to credit for small businesses.
However, the trial court refused to issue an injunction to stay the rule while the litigation plays out. This means Section 1071 is in effect and its compliance dates are on the horizon.
Based on directions provided by the trial court that issued the injunction, the CFPB updated the compliance deadlines following the Supreme Court decision:
- Tier 1 lenders, or those with at least 2,500 covered transactions (that trigger the rule’s data collection requirements) have until July 18, 2025, to comply with the rule;
- Tier 2 lenders, or those that have between 500 to 2,499 covered transactions, have until June 1, 2026; and
- Smaller lenders, or those with 100 to 499 covered transactions, have until June 1, 2027, to comply.
Covered commercial lenders will have to establish and implement a process to start collecting the various data points required by Section 1071 by the applicable deadlines above. These data points include transactional information such as:
- Type of credit transaction, its purpose and the amount; and
- Demographic information, such as the race of the principal owners, whether the business is owned by a minority, woman or LGBTQI+ person and the census tract where the business is located.
As such, the compliance burden on lenders may be staggering, with estimates as high as $6.8 billion in one-time implementation costs, and annual ongoing costs of almost $2 billion for the banking industry alone.
Legislative fixes advancing
For commercial lenders concerned about the compliance burden, a potential legislative fix is before Congress. H.R. 1806, otherwise known as The Small Lender Act, was introduced in March 2023 by U.S. Rep. J. French Hill (R-AR). The proposed law includes the following changes:
- It would codify that a reporting financial institution is one that originates at least 500 covered transactions in each of the last two years, as opposed to the rule’s current requirement of 100 transactions. This would help exempt some commercial lenders who lend to small business less frequently.
- It would change the definition of “small business.” Under 1071, lenders will have to report credit transactions they make to businesses with annual revenues of $5 million or less. The legislation changes that threshold to $1 million or less, excluding certain businesses that lenders have argued are not entirely “small.”
- Finally, it extends the compliance deadline by up to three years and provides a two-year safe harbor to ensure that financial institutions are not penalized for minor mistakes.
Supporters of the legislation argue that The Small Lender Act seeks to balance the CFPB’s regulatory goals with the operational realities of lenders. This is especially so for smaller banks and credit unions, who argue that the original requirements of 1071 will put an undue strain on business operations. Whether this legislation is adopted remains to be seen.
Looking ahead: Move toward compliance
With the backing of the Supreme Court, the CFPB is well positioned to continue its regulatory agenda, including moving forward with implementing 1071. Despite the pending litigation and the potential for a legislative fix by Congress, lenders should have a plan in place to ensure compliance.
The rule’s heavy and exacting compliance burden requires that lenders take steps now and not wait for legislative or legal developments to play out. Failure to do so can subject lenders to substantial regulatory risk.
Moorari Shah, Mehul Madia and Maxwell Earp-Thomas are attorneys at Sheppard Mullin Richter & Hampton LLP in the firm’s Consumer Finance practice.