MADISONVILLE, La. – President Joe Biden has vetoed Sen. John Kennedy’s (R-La.) Congressional Review Act (CRA) resolution of disapproval, which would have prohibited the Biden administration’s Consumer Financial Protection Bureau (CFPB) from enforcing its Dodd Frank Section 1071 small business data collection rule.

“Being a small business owner in America is stressful enough without worrying about your personal information being exposed as you grow your business. I’m very disappointed that President Biden chose to veto this simple resolution that could have protected the private information of small business owners from this invasive woke CFPB rule,” said Kennedy.

The Senate passed Kennedy’s resolution in October. The House of Representatives passed the resolution in December, sending it to the president’s desk.

Section 1071 requires covered financial institutions to collect and report certain personal information on small business loan applicants and report that to the CFPB. This information includes an applicant’s race, ethnicity and sex and whether the business is minority-owned, woman-owned or LGBT-owned. The CFPB may then make certain parts of that information public, including data that could be used to publicly identify the small business credit applicant.

In August, Kennedy led a letter to CFPB Director Rohit Chopra, urging the bureau to pause its 1071 data collection rule while the courts determine the validity of the Section 1071 rule.

Background

On March 30, 2023, the CFPB promulgated the final rule implementing Section 1071 of the Dodd-Frank Act, which amends the ECOA. The rule was published in the Federal Register on May 31, 2023.

To comply with the Biden CFPB rule, financial institutions will have to collect information about applicants, including the applicant’s census tract, North American Industry Classification System code and years in business—among other information.

• The rule applies to financial institutions that originated at least 100 small business loans in each of the two preceding calendar years. 

• A small business is defined as a company with $5 million or less in revenue from the previous fiscal year.

Among the many concerns about the CFPB’s collecting and storing such personal information is that the agency recently experienced a data breach including the personally identifiable information of 256,000 consumers and failed to properly inform them for two months. 

The implementation of this rule may also reduce the availability and accessibility of small business credit by increasing the compliance costs of lenders.

Text of Kennedy’s resolution is available here.

Video of Kennedy’s comments at the resolution’s Senate passage is here.