Consumer Compliance Outlook: First Quarter 2015

Consumer Compliance Requirements for Commercial Products and Services

By Laura L. Gleason, Senior Analyst, and Elizabeth Galvin, Former Research Assistant, Federal Reserve Bank of Philadelphia

The term “federal consumer protection laws” suggests that the scope of these laws is limited solely to consumer products and services. However, some of these laws — including the Equal Credit Opportunity Act (ECOA), the Flood Disaster Protection Act (FDPA), and the Servicemembers Civil Relief Act (SCRA), among others — also apply to commercial products and services. In addition, other federal consumer protection laws, although generally limited in scope to consumer products and services, include certain provisions that also apply to commercial products and services. For example, Regulation Z (the implementing regulation for the Truth in Lending Act (TILA)) includes certain requirements for business-purpose credit cards.

It is important that financial institutions that offer commercial products and services integrate the corresponding compliance requirements into their applicable policies and procedures. This article provides a general overview of these laws and regulations.

Equal Credit Opportunity Act/Regulation B

The ECOA, as implemented by Regulation B, requires that creditors do not discriminate on a prohibited basis in any aspect of a credit transaction. Prohibited bases include race, color, religion, national origin, sex, marital status, or age (provided that the applicant has the capacity to enter into a binding contract); if the applicant’s income is being derived from public assistance; or if the applicant exercises in good faith any right under the Consumer Credit Protection Act or any state law upon which an exemption has been granted by the Consumer Financial Protection Bureau (CFPB).1 ECOA and Regulation B apply to all consumer and commercial credit transactions, with limited exceptions.2

Adverse action notification requirements to business credit applicants.3 Although ECOA and Regulation B apply to both consumer and business credit applicants, the notice requirements vary when credit is extended to a business. For business credit applicants who had $1 million or less in gross revenues during the prior fiscal year, the timing requirements and the contents of the notices are the same as for consumer applicants although financial institutions may notify the applicants of the adverse action either orally or in writing.4 Additionally, a creditor has the option of disclosing at application (instead of after adverse action is taken) the right to request the reasons for the action taken, provided that this disclosure includes the ECOA notice and the applicant’s right to a statement of specific reasons for the action taken.5

For business credit applicants who had more than $1 million in gross revenues during the prior fiscal year, creditors must notify applicants of adverse actions orally or in writing within a reasonable time, as opposed to the 30-day requirement for consumer credit applicants and business credit applicants with $1 million or less in gross revenues. Creditors must provide a written statement of the reasons for the adverse action and the ECOA notice if the applicant makes a written request within 60 days of the creditor’s notification.6

Spousal signature rule. Before discussing spousal requirements in connection with commercial credit, we should review the core requirements: When an applicant applies for individual credit and meets the creditor’s lending standards for the amount and credit terms requested, the creditor cannot require an applicant’s spouse (or anyone else), other than a joint applicant, to sign the credit instrument, subject to certain exceptions.7 If the individual applicant does not meet the creditor’s lending standards, the creditor may ask for a guarantor to provide credit support but cannot specify that it be the applicant’s spouse. To implement these requirements, the regulation requires that when a husband and wife apply jointly for credit, their intent to do so must be evident at application. A spouse’s signature on a financial statement or joint signatures on a promissory note are insufficient for this purpose. However, the staff commentary states that “signatures or initials on a credit application affirming applicants’ intent to apply for joint credit may be used to establish intent to apply for joint credit.”8 For additional information on the spousal signature rules, see the Consumer Compliance Outlook (Outlook) article “Regulation B and Marital Status Discrimination: Are You in Compliance?” by Carol Evans and Surya Sen (Fourth Quarter 2008).

For commercial credit, a creditor may require the personal guarantee of the partners, directors, or officers of a business as well as the shareholders of closely held corporations even though the business independently meets the creditor’s lending standards for the amount and terms requested. Creditors must base this decision on the guarantor’s relationship to the business and not on a prohibited basis, such as requiring guarantees only for women-owned or minority-owned businesses or requiring guarantees only from the married officers of a business or the married shareholders of a closely held corporation.9

Record retention requirements. ECOA requires financial institutions to retain all written or recorded information in connection with a commercial credit application for 12 months after the date that the applicant learned of the adverse action taken (compared with 25 months for consumer credit applications).10

Statute of limitations for ECOA lawsuits. The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) extended the statute of limitations for ECOA claims from two to five years.11 As a result, creditors have longer exposure to civil legal liability for consumer and commercial credit transactions. In some cases, courts have held that if a creditor secures a borrower’s or guarantor’s liability on a credit instrument in violation of ECOA or Regulation B and later files a collection lawsuit because of a default, the borrower or guarantor can raise the violation as a defense to the claim without regard to the statute of limitations.12

Flood Disaster Protection Act/Regulation H

The FDPA mandates, with limited exemptions,13 that federally regulated lending institutions cannot make, increase, extend, or renew a loan secured by a building or mobile home located in a special flood hazard area (SFHA) unless the building or mobile home and any personal property securing the loan is covered by flood insurance for the term of the loan.14 The type and location of the collateral are the primary factors for this determination; the loan purpose (i.e., consumer or commercial) is not relevant. For an overview of flood insurance requirements, refer to the Outlook article “Flood Insurance Compliance Requirements” by Kenneth Benton and Michael Schiraldi (Fourth Quarter 2011).

In some cases, when a lender provides notice to a borrower that the property securing the loan is in an SFHA, a borrower may disagree with the finding. For example, the borrower may believe that the property was inadvertently included in the Flood Insurance Rate Map. Borrowers may seek to resolve these disputes through a process established by the Federal Emergency Management Agency (FEMA), which administers the National Flood Insurance Program. FEMA created the Letter of Map Change (LOMC) to resolve disputes about FIRMs. Several LOMC types are available, with the appropriate one depending on the nature of the request:

When such a dispute occurs, regulators can rely only on a final determination from FEMA to resolve the issue. More information about the LOMC process and application procedures is available on FEMA’s website.15 FEMA has also published an online LOMC tutorial16 and LOMC frequently asked questions.17

Finally, Congress has passed two laws in recent years — the Biggert-Waters Flood Insurance Reform Act (BWA) of 201218 and the Homeowner Flood Insurance Affordability Act (HFIAA) of 201419 — that have amended certain provisions of the FDPA. The federal banking agencies and the Farm Credit Administration (FCA) have issued two rulemaking proposals to implement the BWA and the HFIAA.20 The proposals are currently pending. In the interim, the agencies issued the “Interagency Statement on the Impact of Biggert-Waters Act” to clarify certain issues, including the effective dates of some of the provisions of these laws.21

FEMA has also made a change to the program concerning waiting periods. FEMA generally imposes a 30-day waiting period when a flood policy is purchased, subject to certain exceptions.22 One long-standing exception was a lender’s purchase of a force-placed policy after the lender determined that a property securing a loan was in an SFHA and did not have flood insurance. In April 2013, FEMA announced in Bulletin W-13017 that effective October 1, 2013, the 30-day waiting period would also apply to force-placed policies purchased through the Mortgage Portfolio Protection Program. This bulletin is discussed in more detail in this month’s Compliance Update.

Fair Credit Reporting Act

The FCRA regulates the furnishing and collection of consumer credit information and access to credit reports and imposes certain disclosure requirements. Some FCRA provisions have implementing regulations, while others do not. Although the FCRA is generally limited to consumer credit transactions, it also applies in some instances to commercial credit transactions involving a consumer.

Permissible purpose to obtain consumer report. Creditors must have a permissible purpose to obtain a consumer’s credit report, regardless of the purpose of the transaction.23 In some cases, when credit is extended to a business, the creditor will include the business’s principal on the credit instrument as a guarantor or co-obligor and obtain the consumer’s credit report. The question arises whether a creditor has a permissible purpose in this circumstance.

A creditor always has a permissible purpose to obtain a credit report if the consumer authorizes it in writing.24 If a creditor is unsure if it has a permissible purpose for a business purpose loan for which the consumer is a guarantor or co-obligor, it has been an acceptable practice for the creditor to include an authorization to access the consumer’s credit report in the credit application or in a separate document.25

Adverse action notice. The FCRA requires that if a person accesses a consumer report and takes adverse action based, in whole or in part, on information in the report, the consumer must be given an adverse action notice.26

The FCRA may so apply when a creditor pulls a credit report on a consumer who is or could be liable for a commercial loan (for example, the consumer is the principal of a business and the creditor wants the consumer to be a guarantor or coapplicant on the loan) and takes adverse action based on the report. If the consumer is acting as a guarantor, a surety, or in a like capacity on the commercial loan, an adverse action notice is not required because the FCRA definition of adverse action is based on ECOA’s definition of adverse action, and ECOA’s definition does not apply to guarantors.27 However, if a consumer is a coapplicant for a commercial loan and adverse action is taken, based in whole or in part on information in the consumer’s report, and the creditor is unsure if an FCRA adverse notice is required, an adverse action notice may be provided.

Servicemembers Civil Relief Act

The SCRA28 provides certain financial protections to servicemembers and, in some cases, their spouses, dependents, and other persons subject to the obligations of service members. The SCRA covers issues such as rental agreements, eviction, installment loans, credit card interest rates, mortgage interest rates, mortgage foreclosure, automobile repossessions, and automobile leases.

The SCRA’s protections apply to obligations contracted prior to entering military service and cover servicemembers and joint obligations of servicemembers and their spouses. No distinction is made between consumer and commercial credit. For more information, refer to the FedLinks bulletin “Servicemembers Civil Relief ActExternal Link (February 2014), the Outlook article “Servicemember Financial Protection Webinar: Questions and Answers” by Lanette Meister, Laurie Maggiano, and Laura Arce (First Quarter 2013) and the 2012 Outlook Live webinar titled Servicemember Financial Protection.

Home Mortgage Disclosure Act/Regulation C

The HMDA as implemented by Regulation C requires lenders to collect and publicly disclose information regarding applications for, and originations and purchases of, home-purchase loans, home-improvement loans, and refinancings for each calendar year. Regulators use HMDA data during Community Reinvestment Act (CRA) evaluations to help determine whether financial institutions are serving the residential mortgage credit needs of their communities and in fair lending evaluations to help identify possible discriminatory lending patterns and enforce antidiscrimination laws. HMDA data are also used by economists, researchers, and community groups.

Although residential mortgages are the primary focus of HMDA reporting, certain commercial loans must also be reported. In particular, the refinancing of a dwelling-secured loan is reportable, regardless of the loan purpose.29 If a consumer obtained a commercial loan secured by the consumer’s dwelling, the loan would not be HMDA reportable when originated, but it would be reportable if the loan were refinanced because all refinancings of dwelling-secured loans are reported.30 In addition, Regulation C requires reporting of multifamily loans (housing for five or more families), which are typically commercial investment property loans (e.g., an apartment building).31

Finally, as required by the Dodd-Frank Act, the CFPB issued a rulemaking proposal in 2014 to amend Regulation C to expand the scope of its coverage and to require the collection of new data fields, which could also affect reporting requirements for commercial loans.32 The proposal is pending.

Community Reinvestment Act/Regulation BB

The CRA requires that the Federal Deposit Insurance Corporation, the Federal Reserve Board, and the Office of the Comptroller of the Currency periodically assess the record of each covered depository institution in helping to meet the credit needs of its community, including low- and moderate-income neighborhoods, consistent with safe and sound operations. The CRA also requires that large financial institutions (based upon asset size) collect and report their CRA small business and small farm lending activity. Outlook reviewed the reporting requirements in the article “Transitioning from an Intermediate Small Bank to a Large Bank Under the Community Reinvestment Act” by Rebecca Zirkle White (Fourth Quarter 2014).

Expedited Funds Availability Act/Regulation CC

The Expedited Funds Availability Act, as implemented by Regulation CC, requires that depository institutions make funds deposited into transaction accounts available according to specified time schedules and that they disclose their funds availability policies to their customers. It also establishes rules designed to speed the collection and return of unpaid checks and describes requirements that affect banks that create or receive substitute checks, including requirements related to consumer disclosures and expedited recredit procedures. The statute and the regulation apply to both consumer and commercial accounts.33

Truth in Lending Act/Regulation Z

The TILA as implemented by Regulation Z, seeks to provide “meaningful disclosure of credit terms so that the consumer will be able to compare more readily the various credit terms available to him and avoid the uninformed use of credit ….”34 The TILA and Regulation Z’s scope is generally limited to consumer credit, as defined in 12 C.F.R. §1026.2(a)(12) and elaborated upon in the staff commentary.

However, two provisions apply to credit cards issued for business purposes. First, credit cards can only be issued, regardless of their purpose, in response to an application or oral or written request or as a substitute for or renewal of an existing card.35

Second, the regulation provides protections to employees for unauthorized use of a business credit card where a card issuer provides 10 or more credit cards for use by the employees of an organization.36


Although many federal consumer protection laws and regulations solely apply to consumer transactions, in some instances, a financial institution’s commercial products and services are also subject to certain of these requirements. Financial institutions should review these requirements to ensure that effective policies and procedures are in place for complying with these laws and regulations. Specific issues and questions should be raised with your primary regulator.