To clarify and address ongoing litigation, the Consumer Financial Protection Bureau (CFPB) has issued an interim final rule to extend the compliance dates for its 2023 small business lending data collection requirements. The rule, which amends Regulation B, also makes several date-related conforming adjustments.
Here are five big takeaways for GRC professionals:
Compliance Dates Extended by 290 Days
The CFPB will extend each compliance date set forth in the 2023 final rule by 290 days. This means that covered financial institutions with the highest volume of small business originations (Tier 1) must begin collecting data by July 18, 2025. Moderate-volume institutions (Tier 2) have a new compliance date of January 16, 2026, and the smallest-volume institutions (Tier 3) must comply by October 18, 2026.
Flexibility in Determining Compliance Tier
Financial institutions can continue using their small business originations from 2022 and 2023 to determine their compliance tier. Alternatively, they may use their originations from 2023 and 2024. This flexibility allows institutions to choose the dates that best align with their preparedness for compliance.
Voluntary Early Collection of Protected Demographic Data
The interim final rule maintains the provision allowing financial institutions to voluntarily collect protected demographic information required under the 2023 final rule beginning 12 months before their compliance date. This enables institutions to test their procedures and systems before the mandatory collection and reporting requirements.
Grace Period Policy Statement Updated
The CFPB is also updating its grace period policy statement to reflect the revised compliance dates. This 12-month grace period gives institutions time to diagnose and address unintentional errors without the prospect of penalties for inadvertent compliance issues. The CFPB believes this approach will enable deliberate and thoughtful compliance while providing important small business lending data.
Demand for Compliance Expertise Expected to Rise
As financial institutions navigate the extended compliance timeline and prepare for the new data collection and reporting requirements, the demand for professionals with expertise in regulatory compliance, risk assessment, and auditing is expected to increase. Organizations will likely seek talent to strengthen their compliance management systems, conduct thorough risk assessments, and develop robust audit plans to ensure adherence to the amended Regulation B.
The CFPB’s interim final rule provides much-needed clarity for financial institutions as they work to comply with the small business lending data collection requirements. By extending the compliance dates and offering flexibility in determining compliance tiers, the CFPB aims to facilitate a smooth transition for covered institutions.
