Comments to Consumer Financial Protection Bureau on Small Business Lending Data Collection By Race and Gender

Photo Credit: Getty

Dear Mr. Chopra,

On behalf of the Competitive Enterprise Institute (CEI), I respectfully submit the following comments in response to the Consumer Financial Protection Bureau’s (CFPB) notice of proposed rulemaking on the implementation of Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Section 1071 requires financial institutions to collect, maintain, and send to the bureau data on credit applications by women-owned, minority-owned, and small businesses.[1]

CEI is a Washington-based free-market public policy organization, founded in 1984, that studies the effects of regulations on job growth and economic well-being. Our mission is to advance the freedom to prosper for consumers, entrepreneurs, and investors. At CEI, we have long championed private-sector innovation that promotes financial inclusion and warned about government red tape that contributes to the problem of the unbanked.[2]

My colleagues and I are pleased that financial technology—commonly referred to as FinTech—is widening access to credit for entrepreneurs who had previously been overlooked by lenders as good credit risks. FinTech is also widening the reach of lending products for community banks and credit unions that embrace the technology.[3]

However, we are worried that excessive red tape—even if it is motivated by the noble purpose of widening financial inclusion—could turn out to be counterproductive and hurt those it is intended to help. In the case of section 1071, there are multiple pitfalls that could result in reduced availability of credit for women and minorities as well as other entrepreneurs.

For instance, a small business owner seeking credit may be put off by questions on the application about his or her race and gender—seeing such questions as stigmatizing or invasive of privacy—and may be less likely to fill out such an application. A startup FinTech lender, small credit union, or community bank may have fewer resources for making small-business loans—which could even lead it to stop making small-business loans altogether—if compliance costs for this rule prove to be too high. Financial institutions may also worry that the data sent to the CFPB may not be kept secure or could be misused to paint a misleadingly negative picture of their lending practices, which could also lead them to reduce or eliminate lending to small businesses.

Fortunately, Dodd-Frank gives the CPFB a wide degree of flexibility in implementing Section 1071, allowing it to exempt certain classes of financial institutions and limit the number of transactions for which financial institutions must collect, maintain, and submit data. The CFPB should use this flexibility to tailor the final rule so that it does not create a crushing burden that would stifle innovation in small business lending and harm financial inclusion.

Understanding the credit market for small businesses

Many small entrepreneurs of all races and genders do not receive their initial capital and credit from traditional banks, because banks are wary of making loans to risky startups. Sometimes, credit cards offer the only path to getting a business off the ground. The widely respected Kauffman Foundation has found that almost half of all small businesses in the U.S. use personal credit cards for financing.[4] One of these small entrepreneurs was Sergey Brin, who used his personal credit cards as a college student in the 1990s to start the online search engine that is today known as Google.[5] Now-famous filmmakers such as Spike Lee and Quentin Tarantino also maxed out their credit cards to make their first films.[6]

Yet, although credit cards have been crucial for many entrepreneurs to get their start, there are obvious drawbacks of using them as the main source of a small business’ credit. Among other things, maxing out a credit card can harm an entrepreneur’s credit rating, discouraging alternative sources of lending and investment.

That is why a welcome development in recent years has been the emergence of reputable online FinTech lenders and lending platforms—including Kabbage, OnDeck/Enova, Lendio, and Funding Circle—that have helped to fill a void in credit specifically tailored to small businesses. Emerging research from the Federal Reserve Bank of New York and the Stern School of Business at New York University documents the role of Fintech intermediaries in getting loans from the federal Paycheck Protection Program to minority business owners.[7]

Therefore, it is crucial that the final rule not be so burdensome as to harm the ability of either FinTech or traditional lenders to reach underserved communities. The following are some changes to the proposed rule that would reduce unnecessary regulatory burdens. This is far from an exhaustive list, and the CFPB should pay close attention to suggestions submitted by other commenters concerned with making sure this rule does not end up being counterproductive.

Extend the implementation period from 18 months to at least three years

For the financial institutions affected by this rule, the collection and maintenance of the voluminous amount of data they are required to submit to the CFPB present a host of challenges. These include substantial changes to systems and policies used to make loans. For the rule to work effectively with minimal disruption that could reduce credit to small businesses, the lending firms affected by this rule need significant time for implementing major changes—from employee training to ironing out inevitable information technology glitches that could compromise data security if not corrected.

Many online lenders do not currently ask applicants’ race or gender, and their processes are automated, so they never know the race or gender of those to whom they lend. This is a feature, not a bug, that protects against intentional discrimination. Reprogramming a system to collect this data for the purpose of reporting it to the CFPB is a radical change that needs significant time to be developed and then explained properly to the lenders’ employees and borrowers.

For whatever reason, the CFPB initially contemplated a two-year implementation period, then shortened that to 18 months in this proposed rule. Neither period is enough time. Some lenders say that they need three years for successful implementation.[8] The CFPB should have an implementation period at least that long and possibly longer to accommodate innovative startups and small banks and credit unions for which implementation would be a particular struggle given their resources.

Do not require more data to be collected than that required by Section 1071

The proposed rule exceeds the statutory requirements of Dodd-Frank Section 1071 for what data need to be collected. In addition to the law’s mandated categories of the loan applicant’s race and gender, this rule also inexplicably requires financial institutions to collect their borrowers’ six-digit North American Industry Classification System (NAICS) code, which federal agencies use to classify businesses for the purpose of collecting, analyzing, and publishing U.S. economic statistics. This could cause confusion and errors, since many small entrepreneurs may not know the NAICS code for their businesses. In the proposed rule, the CFPB notes that in response to its “request for information” in 2017, “many stakeholders expressed concern about the difficulties in determining the appropriate NAICS code for businesses.” And, since the rule has no “safe harbor” for submission of incorrect codes, it could lead to financial institutions being found to be noncompliant with the rule.

The rule should not go beyond the law’s requirements in mandating the collection of these or other data that are not explicitly mandated by the statute. Requiring a plethora of data to be collected adds costs that may harm financial institutions’ ability to provide credit and could compromise data security, as it could make it easier for bad actors to hack into databases to gain access to individual credit applicants’ personal and financial information.

Data collection mandates in excess of what the law requires also may not withstand judicial scrutiny. Courts may find them to be “arbitrary and capricious,” if they find that the CFPB has “relied on factors which Congress has not intended it to consider” or “offered an explanation for its decision that runs counter to the evidence before the agency”[9]

Require the CFPB to implement robust data security

Under this rule, the CFPB would store massive amounts of data from financial institutions. The highest level of care must be taken to safeguard this data to prevent it from being compromised. A major data breach could undermine confidence in the small business lending market and harm small businesses that lack resources to effectively resolve issues related to compromised data. Data security is another important reason why the CFPB should rethink the current rule’s short implementation period and excessive data collection requirements.


The CFPB needs to make serious changes to the proposed rule to ensure it does not harm financial inclusion and the very entrepreneurs the Dodd-Frank law was intended to help. The Consumer Financial Protection Bureau should extend the rule’s comment period and consider withdrawing and resubmitting a rule better tailored to the needs of both small business borrowers and small and startup financial institutions.

Thank you for this opportunity to present the views of the Competitive Enterprise Institute. If you or your staff should have any questions, please feel free to contact me by phone or email.


John Berlau,

Senior Fellow

Competitive Enterprise Institute

(202) 331-2272

[email protected].

[1] Small Business Lending Data Collection Under the Equal Credit Opportunity Act (Regulation B), Federal Register, Vol. 86, No. 193 (October 8, 2021), pp. 56356-56606

[2] Testimony of John Berlau before the House Financial Services Committee, Subcommittee on Consumer Protection and Financial Institutions Hearing: “Banking the Unbanked: Exploring Private and Public Efforts to Expand Access to the Financial System.” July 21, 2021,

[3]Ibid.; Katie Kuehner-Hebert; “How 3 Community Banks are Innovating with Fintechs,”

 Independent Banker, November 1, 2021, Krawitz, “Credit Union and Fintech Partnerships Bring Innovation Out of the Shadows,” Forbes, March 25, 2021,

[4] “The Kauffman Firm Survey,” Kauffman Foundation, March 2008,

[5] “Finance Your Start-up With Credit Cards? Google Did,”, March 23, 2016,

[6] John Tamny, Who Needs the Fed?: What Taylor Swift, Uber, and Robots Tell Us About Money, Credit, and Why We Should Abolish America’s Central Bank (New York: Encounter Books, 2016), Google Books; Christopher Kelly, “Did It Their Way,” Texas Monthly, January 2012,

[7] Jessica Battisto, Nathan Godin, Claire Kramer Mills, and Asani Sarkar, “Who Received PPP Loans by Fintech Lenders?” Federal Reserve Bank of New York Liberty Street Economics, May 27, 2021,; Sabrina T Howell, Theresa Kuchler, David Snitkof, Johannes Stroebel, and Jun Wong, Racial Disparities in Access to Small Business Credit: Evidence from the Paycheck Protection Program, October 5, 2021,

[8] Comments from the Innovative Lending Platform Association, January 4, 2022,

[9] Motor Vehicle Manufacturers Association of the United States, Inc. v. State Farm Mutual Auto Insurance Co., 463 U.S. 29, 43 (1983),

View Full Document as PDF.