COMMENT CALL: The CFPB is proposing to revise its small business lending rule under the Equal Credit Opportunity Act (Reg. B). The changes would narrow the scope of data to be collected and focus on larger lenders.
Background
As explained in The League’s ii Release No. B083, the rule requires financial institutions that do a certain amount of lending to small businesses to collect and report to federal authorities data about those loans. Small businesses are those with less than $5 million in gross revenue in their last fiscal year.
The data includes basic information about the business and the loan, similar to the HMDA reporting requirement but for small business lenders. It also requires covered lenders to ask if the business applying is minority-owned, women-owned, or LGBTQ+-owned, as well as the applicant’s principal owners’ ethnicity, race, and sex. The rule is intended to help authorities enforce fair lending laws.
Last spring, the CFPB extended the rule’s compliance dates until 2027-28 and announced that it planned to revise the rule, as explained in this Compliance Courier.
The proposed changes
The proposal includes several significant changes to the rule, which implements Section 1071 of the Dodd-Frank Act:
- Small business definition. The proposal would lower the threshold at which a borrower is considered a “small business” – from gross annual revenue of $5 million or less to $1 million or less, with future inflation adjustments in $100,000 increments every five years starting in 2035. In its proposal, the CFPB wrote that that it “believes that the focus of the rule, at least initially, should be truly small businesses.”
- Covered financial institutions. The CFPB wrote that the rule should “focus on larger core lenders.” So, the proposal would raise the threshold at which financial institutions (including credit unions) would be subject to the rule, from 100 to 1,000 covered small business credit transactions originated for each of two consecutive years.
- Covered credit transactions. The CFPB wrote that it believes “that the initial iterations of data collection under the rule should focus on the core, widely used lending products most likely to be foundational to small businesses’ formation and operation.” For that reason, merchant cash advances, agricultural lending, and small dollar loans under $1,000 (to be adjusted for inflation) would not be subject to the rule.
- Data points. The proposal would reduce the number of data points that covered lenders would have to collect about their small business loans. It would require only the fields specified under Section 1071 of the Dodd-Frank Act, plus a small set of discretionary items needed to make those statutory fields useful (e.g., NAICS code, time in business, number of principal owners). The proposal would remove several other discretionary data points, including application method, application recipient, denial reasons, pricing components (including interest rate and fees), and the business’ number of workers.
- Demographic information. The proposal would change the collection of demographic information in two ways.
First, it would remove LGBTQI+‑owned business status and require collection of principal owners’ sex using a static male/female choice, replacing free‑form text asking the applicant to state their “sex/gender.”
Second, while the rule would still require asking for the race/ethnicity of principal owners, the CFPB is asking for comments on whether to move from “disaggregated” subcategories to only “aggregate” categories initially, to reduce complexity. (Aggregate categories would be: American Indian or Alaska Native; Asian; Black or African American; Native Hawaiian or Other Pacific Islander; and White. Disaggregated subcategories would include, under “Asian” for example, Asian Indian, Chinese, Filipino, Japanese, Korean, Vietnamese, and Other Asian.)
The right for applicants to refuse to provide demographic information would be more prominent in the rule’s text and sample forms. Applicants still would have to be informed if underwriting staff will access the demographic responses.
- Time and manner of collection. Covered financial institutions would still have to maintain procedures “reasonably designed to obtain a response” from applicants, but other expectations (such as monitoring low response rates) would be removed or recast as guidance.
- Compliance date. The proposal would extend the rule’s compliance date to Jan. 1, 2028, for all covered financial institutions. The current rule staggers compliance dates, depending on how many small business loans a lender has originated.
Make your voice heard
The proposed changes “would be a positive change for credit unions and their small business members,” America’s Credit Unions has said. Do you agree? The League would like to hear your thoughts before we comment on this proposal. Please share your feedback with Paul Guttormsson by Dec. 8 so that our comment letter, which is due Dec. 15, can reflect your views. (We won’t identify your credit union in our letter, of course.)
Fraud Symposium from InfoSight360
Dec 02, 2025 1:00 PM – 4:00 PM
InfoSight360 is excited to announce the return of their virtual Fraud Symposium, hosted in collaboration with League and Association partners. The symposium is free for affiliated members! See this link for more information and registration.