PROTECTED Act
- Bill Number
- S. 2352
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Finance and Financial Sector
- Status
- Introduced
- Latest Action
- 2025-07-17: Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.
- Last Updated
- 2026-06-27T20:41:19Z
AI-Generated Summary
Purpose
The PROTECTED Act (S. 2352) aims to amend the Equal Credit Opportunity Act (ECOA) to revise rules on collecting data for small business loans. It seeks to reduce regulatory burdens on lenders, protect applicant privacy by limiting how data is gathered and used, and ensure compliance focuses on voluntary responses rather than penalties for low participation rates.
Key Provisions
- Informing Applicants: Financial institutions must collect certain demographic data (like race, ethnicity, and sex) from small business loan applicants but can now explain in writing that:
- The Bureau of Consumer Financial Protection (CFPB) requires this reporting to the government.
- Providing the information won't influence the loan decision.
- Applicants aren't required to respond.
- Data Handling and Privacy:
- Lenders cannot create or maintain demographic data based on visual observation or guesses; it must come directly from the applicant.
- The percentage of applicants who respond (response rate) cannot be used to evaluate a lender's compliance.
- Bureau Oversight:
- Before altering or removing collected data, the CFPB must issue rules after public notice and comment, explaining the changes and how they protect privacy.
- Enforcement and Timeline:
- A 2-year "safe harbor" period exempts lenders from enforcement after the law takes effect.
- The changes apply 3 years after the CFPB completes required cost-benefit analyses under the Regulatory Flexibility Act (which assesses impacts on small entities) and the Paperwork Reduction Act (which reviews paperwork burdens).
- Definitions:
- Financial Institution: Covers entities (like companies or trusts) that engage in financial activities and originated at least 2,500 small business loans in each of the prior two years. Excludes those with under $10 billion in assets, Farm Credit System institutions, community development financial institutions (CDFIs, which provide financial services to underserved communities), and lenders focused on equipment or vehicle financing.
- Small Business: An entity with gross annual revenues of $1 million or less in the previous fiscal year.
Significant Changes to Existing Law
- Narrows data collection by removing certain required data points (specific subparagraphs on demographics) from the original ECOA Section 704B.
- Shifts from mandatory to more voluntary collection, emphasizing applicant-provided information only and prohibiting inferred data.
- Introduces procedural hurdles for the CFPB, like mandatory rulemaking for data modifications and pre-implementation analyses, which weren't required before.
- Redefines "financial institution" to exempt smaller or specialized lenders, limiting the law's scope compared to broader ECOA requirements.
- Adds a delayed effective date and safe harbor, providing a grace period not present in prior rules.
Potential Impacts
- On Government Agencies: The CFPB faces increased administrative work, including cost-benefit analyses, public rulemaking, and limited enforcement options, potentially slowing data-driven fair lending oversight.
- On Citizens and Businesses: Small business owners gain privacy protections (e.g., no guessed demographics) and clearer opt-out options, but reduced data collection might limit insights into lending discrimination. Larger lenders could see lower compliance costs, possibly leading to more lending to small businesses.
- On International Relations: No direct impacts, as the bill focuses on domestic U.S. financial regulations.
Main Stakeholders Affected
- Financial Institutions: Larger lenders (those originating many small business loans) benefit from reduced burdens and safe harbors but must adjust data practices; smaller or exempt entities (e.g., CDFIs, low-asset banks) face no changes.
- Small Business Applicants: Protected from unwanted data inference and assured non-impact on loan approvals, potentially increasing trust in the lending process.
- Bureau of Consumer Financial Protection (CFPB): Responsible for implementation, rulemaking, and analyses, with constraints on enforcement and data handling.
- Regulators and Advocacy Groups: Fair lending watchdogs may see challenges in monitoring discrimination due to narrower data requirements, while business groups could support the deregulation aspects.
Notable Legal, Constitutional, or Political Implications
- Legal: Strengthens privacy in financial data under ECOA by mandating applicant consent and CFPB rulemaking, aligning with broader data protection trends. The safe harbor and delayed effective date provide legal certainty but could face challenges if seen as weakening anti-discrimination enforcement.
- Constitutional: No direct conflicts, but it balances First Amendment privacy interests against Congress's commerce clause authority over lending; the voluntary collection aspect avoids compelled speech issues.
- Political: Promotes deregulation to ease burdens on businesses (titled to "empower communities" and "prevent overreach"), potentially appealing to pro-business lawmakers, while critics might argue it hinders efforts to address lending disparities in underserved communities. The bill's referral to the Senate Banking Committee suggests focus on economic policy debates.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (1)
Recent Actions
- 2025-07-17: Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.
- 2025-07-17: Introduced in Senate
Bill Versions
- Preventing Regulatory Overreach to Empower Communities to Thrive and Ensure Data Privacy Act — issued 2025-07-17 — PDF (6 pages)