The new small business finance rule passed by the Consumer Financial Protection Bureau (CFPB) requires “Covered” financial institutions to collect and report data on applications for credit for small businesses. This rule, known as the “Small Business Lending Rule Under the Equal Opportunity Act (Regulation B),” mandates that financial institutions gather and submit information about the geographic distribution of small business lending applications, loan approvals and denials, and demographic details about the principal owners of small business applicants (the “SBLR”)[1]. The SBLR was initially enjoined nationally by a Federal Court in the Southern District of Texas which determined that the CFPB’s funding structure violated the Constitution’s appropriation’s clause[2]. But the United States Supreme Court upheld the CFPB’s funding structure as being constitutional[3]. Thereafter, the CFBP extended the compliance deadlines by 290 days.
The SBLR was designed to implement changes to the Equal Credit Opportunity Act (ECOA) made by section 1071 of the Consumer Financial Protection Act of 2010. It aims to ensure that lenders do not discourage small business loan applicants from providing necessary data, including demographic information. The CFPB articulates the SBLR’s purpose as two-fold – “to… (1) facilitate enforcement of fair lending laws, and (2) enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses[4].” The SBLR applies to “Covered Financial Institutions” which “means a financial institution that originated at least 100 covered credit transactions for small businesses in each of the two preceding calendar years[5]”, includes but is not limited to, banks, credit unions, certain nonbank lenders, commercial finance companies and nonprofit lenders. There are exceptions to the SBLR, for instance – car dealerships. The SBLR phases in compliance and implementation based on the size of the financial institution, with the largest lenders required to comply first.
The SBLR breaks up the reporting requirements into “Tiers” as follows –
- Tier 1 – 2,500 covered originations (in the last 2 years)
- July 18, 2025 (Compliance Deadline), with a June 1, 2026 (First Filing Deadline)
- Tier 2 – 500-2,499 covered originations
- July 16, 2026 (Compliance Deadline), with a June 1, 2027 (First Filing Deadline)
- Tier 3 – 100-499 covered originations
- October 18, 2026 (Compliance Deadline) with a June 1, 2027 (First Filing Deadline)
Additionally, the SBLR allows small businesses to self-identify as women-, minority-, or LGBTQI+-owned, and it streamlines data collection by permitting lenders to rely on the information provided by the small business without requiring loan officers to make their own determinations of demographic information.
The SBLR also permits Covered financial institutions to begin collecting protected demographic data 12 months before their new compliance date, to test their procedures and systems. This “grace period” is designed to “give institutions time to diagnose and address unintentional errors without the prospect of penalties for inadvertent compliance issues[6]”.
While covered financial institutions have time to begin compliance, given the breadth and scope of the SBLR, we recommend a proactive approach to ensure that validation, confirmation and testing of reports prior to submission to the CFPB. Our team at TALG would be happy to guide you through the process.
[1] https://files.consumerfinance.gov/f/documents/cfpb_sbl-compliance-dates_interim-final-rule_2024-06.pdf
[2] See Tex. Bankers Ass’n v. Consumer Fin. Prot. Bureau, 685 F. Supp. 3d 445 (2023)
[3] See Consumer Fin. Prot. Bureau v. Cmty. Fin. Servs. Ass’n of Am., Ltd., 601 U.S. 416 (2024)
[4] https://files.consumerfinance.gov/f/documents/cfpb_sbl-compliance-dates_interim-final-rule_2024-06.pdf
[5] See CFR Section 1002.105(a)-(b)
[6] https://files.consumerfinance.gov/f/documents/cfpb_sbl-compliance-dates_interim-final-rule_2024-06.pdf
