Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

Understanding stablecoins and their purpose

Stablecoins are digital assets designed to maintain a consistent value, often by pegging their price to a fiat currency like the U.S. dollar. By reducing the volatility typically associated with digital assets, stablecoins offer a bridge between traditional finance and cryptocurrency.

There are three primary types of stablecoins, each with its own structure and risk considerations:

  1. Fiat-backed (collateralized)

These are the most common type of stablecoin. Each token is backed 1:1 by fiat currency or short-term government debt, with reserves typically held in regulated financial institutions. Transparency and regular audits are key components of trust in this model.

Examples: USDC, USDT (Tether), TrueUSD
Key traits:

  • Simple to understand and widely used
  • Considered lower risk, though reliant on issuer compliance and reserve verification
  1. Crypto-backed

Backed by other cryptocurrencies such as ETH, these stablecoins are often over-collateralized to account for the price volatility of the underlying assets. Collateral is held in smart contracts rather than traditional banks.

Examples: DAI, sUSD
Key traits:

  • Decentralized structure
  • Increased complexity and risk due to market volatility and smart contract exposure
  1. Algorithmic (non-collateralized)

These stablecoins use code, not reserves, to maintain price stability. Algorithms automatically expand or contract token supply based on market conditions. While the goal is price stability, this model remains largely experimental.

Examples: Frax (partially algorithmic), TerraUSD (defunct)
Key traits:

  • Offer decentralization
  • High risk and prone to failure during periods of stress

Other models to be aware of:

  • Commodity-backed: Pegged to assets like gold (e.g., Pax Gold)
  • Hybrid models: Combine multiple elements from the categories above to balance stability and decentralization

Understanding these categories can help financial institutions assess which stablecoins, if any, align with their risk tolerance, regulatory obligations, and long-term strategy.

Why financial institutions should care

Stablecoin’s steady value makes it a more practical option for everyday transactions than other cryptocurrencies, which are known for volatility. It combines the efficiency of blockchain technology, such as rapid settlement and lower transaction costs, with the financial stability that businesses and consumers expect from a medium of exchange.

In a historic move, the Senate Banking Committee recently passed a bipartisan stablecoin bill, known as the GENIUS Act. If signed into law, this act would set guidelines for stablecoin issuers and could make stablecoins common for digital payments and investments. The legislation introduces a plan for regulating stablecoin use, requiring 1:1 backing in cash or U.S. Treasuries and giving the Federal Reserve supervisory authority over large issuers. State regulators would oversee smaller issuers, preserving their role in overseeing regional financial institutions. This legislation is the most concrete sign yet that policymakers are preparing to bring stablecoins into mainstream payments, and compliance expectations are quickly materializing.

Stablecoin has the ability to offer faster settlement, greater accessibility, and new customer engagement opportunities. Examples include cross-border transfers, payroll, merchant payments, and decentralized (DeFi) platforms. With acceptance on the rise, financial institutions should understand how these products may intersect with their operations and risks, particularly in payments and compliance.

Risks and opportunities for financial institutions

Stablecoin has emerged as a key focus in the digital asset space, offering a less volatile alternative to traditional cryptocurrencies. The stablecoin market grew to approximately $159 billion in 2024 and has surged to more than $255 billion this year. With U.S. lawmakers signaling support and growing adoption across both consumer and institutional channels, now is the time for financial institutions to assess how stablecoins could impact their digital payment strategies.

Connect with an expert

FinCEN guidance on Stablecoin regulation

The Financial Crimes Enforcement Network (FinCEN) considers stablecoin a type of convertible virtual currency (CVC). As such, any financial institution facilitating stablecoin transactions must comply with Bank Secrecy Act (BSA) requirements and implement anti-money laundering/countering the financing of terrorism (AML/CFT) measures. This includes customer due diligence, suspicious activity reporting, and transaction monitoring.

Fraud guidance

In its guidance, FinCEN has warned that digital assets, stable or not, can still be exploited for money laundering, sanctions evasion, and fraud. Financial institutions must be prepared to identify and mitigate these risks, particularly as digital payment methods become more integrated with traditional banking.

Key risks financial institutions should consider

As stablecoins move closer to mainstream use, they bring new risks that banks and credit unions must be ready to manage:

Liquidity pressure during high redemptions

Even stablecoins that are fully backed by reserves can face problems if customers lose confidence and try to cash out all at once. This kind of “run” can create short-term cash flow challenges for institutions holding or processing these assets.

Risk tied to third-party partners

Working with outside stablecoin issuers or fintech providers means relying on their financial health and operational practices. Institutions should carefully vet these partners and have clear agreements in place about who is responsible for safeguarding assets, processing redemptions, and managing risks.

Compliance uncertainty and reputation concerns

The rules around stablecoins are still developing. Moving too fast, or not fast enough, can put a financial institution at risk. Engaging in stablecoin activities without a strong compliance program could lead to regulatory issues or damage customer trust.

Challenges detecting financial crime

Some stablecoin transactions are harder to trace than traditional payments. Without the right tools and processes, institutions might miss signs of suspicious activity. To stay compliant, AML and fraud monitoring programs should be able to track and evaluate blockchain-based transactions effectively.

Stablecoin carries many of the same risks as other financial instruments, plus some new ones. From AML/CFT compliance to liquidity planning, community financial institutions must treat stablecoin not just as a trend, but as a potential risk area that should be analyzed and managed.

What financial institutions should do now

Financial institutions have an opportunity to proactively position themselves as innovators and trusted providers of secure digital services. Whether or not your institution is engaging directly with stablecoin, these actions will help strengthen your position:

  1. Reassess your AML/CFT program: Ensure your risk assessment and AML/CFT compliance program can monitor for stablecoin risks, including identifying typologies related to stablecoin transactions.
  2. Monitor federal and state developments: Stay informed on legislative updates, particularly as the Senate bill advances. Look for guidance from FinCEN, the OCC, the NCUA, and the Federal Reserve on expectations for banks and credit unions.
  3. Engage internal stakeholders: Involve compliance, risk management, IT, and product development teams early. The more coordinated your approach, the better equipped you’ll be to assess opportunities and risks.
  4. Build fintech risk assessment processes: If partnering with a fintech or stablecoin issuer, apply enhanced due diligence measures and ensure service-level agreements clearly define responsibilities around compliance, custody, and data security.
  5. Educate your customers and your board: Help board members, executives, and customers understand how stablecoins work and the steps your institution is taking to protect their funds and data.

Looking ahead: Stability through preparation

Stablecoins have the potential to change how money moves, but they also bring new responsibilities for financial institutions. While this form of digital asset offers faster and more efficient payments, it also raises questions about oversight, risk, and readiness. With regulators beginning to set clearer expectations, now is the right time to get ahead of the curve. Banks and credit unions have succeeded by earning trust and adapting early, and preparing for stablecoin activity is a natural extension of that strength.

Stay ahead of stablecoin-related threats with proactive monitoring.

Webinar

Minimizing wire fraud risk: Strategies for faster payments and smarter defenses

Read More
Webinar

From exam room to boardroom: What regulators expect & boards need to know

Read More
Webinar

Under pressure: Mastering Financial Crime compliance in a changing landscape

Read More

AI adoption considerations

AI is becoming a valuable tool as credit unions adopt more advanced technology to serve their members and stay competitive. From streamlining operations to enhancing fraud detection and improving member experiences, AI can help credit unions keep pace with financial institutions while maintaining the personal touch. However, success depends on preparation.

This Abrigo article was originally published October 3, 2025 on CUInsight.com.

Proactive planning for introducing AI and machine learning

In a recent comment letter, America’s Credit Unions Director of Innovation and Technology, Andrew Morris, shared what credit unions need to continue successfully deploying AI. The letter notes that future AI action plans should:

  • Understand that many potential risks of using AI are not unique to AI itself, and many of these risks are already managed by current laws, regulations, or supervisory guidance.
  • Prioritize educating financial regulators about the practical applications of AI to prevent misunderstandings about the division of control between human and machine agents across different use cases.
  • Recognize that determining whether risks are material is especially important when evaluating AI systems. Without planning, the risks can outweigh the rewards.

Explore AI-powered, banker-controlled solutions from Abrigo

Learn more

10-step checklist for preparing to implement AI

Credit unions adopting AI must be strategic and thoughtful. This list offers a framework to help credit unions prepare for AI implementation that is secure, ethical, and aligned with their mission.

  1. Define your AI goals and governance structure

Credit unions adopting AI should have clear strategic objectives that align with their business goals — whether that’s improving risk management, modernizing member service, or gaining efficiency in operations. Before committing to new technologies, establish a cross-functional AI governance committee that includes stakeholders from compliance, data analytics, legal, technology, and business units. This group should oversee all AI use cases, maintain a model inventory, and ensure that high-risk models are reviewed regularly.

  1. Build AI literacy across your credit union

Successful AI adoption depends on widespread understanding. Train staff at all levels on core AI concepts like machine learning, predictive analytics, and generative AI. Credit unions adopting AI should consider offering ongoing AI literacy programs to help team members understand how AI will be used and their roles in oversight and implementation.

  1. Identify use cases and track ROI

Prioritize high-value, low-risk pilot projects that deliver tangible benefits. Whether it’s automating document classification, enhancing fraud detection, or reducing underwriting time, each AI use case should include defined outcomes and an ROI plan. Credit unions adopting AI must continuously measure performance and adjust based on results and risk evaluations.

  1. Prepare for evolving regulatory expectations

Credit unions adopting AI should prepare for compliance with future expectations from the NCUA, CFPB, and other agencies. Begin by documenting AI governance activities, cybersecurity protocols, and risk assessments. Simulate internal audits to assess regulatory readiness and include AI discussions in board meetings to ensure oversight at the highest level.

  1. Vet and manage third-party AI vendors

Ask for detailed information on how models are trained, what data is used, and what security protocols are in place. Review contracts for audit rights, breach notification clauses, and usage restrictions. Credit unions planning to utilize AI tools from vendors must confirm that these tools are covered under the vendor’s SOC 2 report and that they comply with privacy laws like GLBA and CCPA.

  1. Prioritize explainability and ethical use

Document how each model is developed, trained, tested, and validated. Pay special attention to high-risk models, such as those used in credit decisions or fraud alerts. Select models that balance performance with transparency, ensure inputs and outputs are logged, and conduct regular bias audits to maintain fairness and trust.

  1. Strengthen data privacy and cybersecurity controls

AI adds new layers of complexity to cybersecurity. Ensure sensitive member data is encrypted and cannot be used for unauthorized model training. Ask vendors how they defend against adversarial threats such as prompt injection or model manipulation. Update your incident response plan to include new risks introduced by AI systems.

  1. Establish generative AI usage policies

Credit unions adopting AI should restrict the use of generative tools to institution-approved platforms and specify the types of data that can be input into these systems. Provide guidance on what constitutes appropriate use and require staff to review AI-generated content for accuracy and compliance before use in member communications or decision-making.

  1. Plan for member communication and transparency

Inform members when AI is being used in ways that impact them — especially in areas like credit underwriting or fraud prevention. Offer clear opt-out options where possible, and make sure members know there’s still a human in the loop. Credit unions adopting AI should also set clear service level agreements for AI-driven tools that interact directly with members.

  1. Invest in long-term innovation planning

AI is not a one-time investment. Create a roadmap that aligns with long-term business goals and supports responsible experimentation while maintaining regulatory compliance and ethical standards. Track the ROI of AI initiatives over time, and make adjustments based on results, risks, and changing member needs.

See how Abrigo's small business origination software helps lenders get loan decisions and funding faster

Learn more
Whitepaper

Technology, oversight, and the future of loan review

Read More
Whitepaper

AI and generative AI: A proactive, organized approach to adoption

Read More
Webinar

Preparing bankers for AI: Change management in practice

Read More

Reducing friction with equipment leasing software

Financial institutions in the equipment finance space are rethinking how work gets done. Whether you’re an independent finance company originating leases or a bank purchasing them, modern tools offer a smarter way to manage the leasing lifecycle. Here are three key areas where technology can help eliminate manual work and drive results.

Rethinking manual processes

While customer-facing technology in financial services has advanced rapidly, many equipment finance firms still rely on paper-based or fragmented systems behind the scenes. In a space where deals are complex and assets are high-value, manual processes can create bottlenecks that limit growth and introduce risk. The right equipment leasing software can help streamline operations, reduce reliance on spreadsheets, and give teams more time to focus on strategy.

Streamline now, scale later with Abrigo and IFSLeaseworks

Learn more

Digitize the borrower journey

Delaying banking tech purchases can leave banks and credit unions flat-footed when operational demands or risks surge. For finance companies originating leases, digitizing the borrower journey brings efficiency and consistency to a traditionally paper-heavy process. From structuring terms to collecting applications and evaluating credit, equipment leasing software like IFSLeaseWorks allows firms to move away from disparate systems and spreadsheets.

Digital portals, automated documentation collection, and embedded workflows help reduce the risk of errors and improve turnaround times, allowing staff more time to focus on strategy. These tools also create a more streamlined experience for the lessee—whether they’re acquiring construction equipment, medical devices, or agricultural machinery.

For banks purchasing leases, digitizing documentation intake and analysis helps standardize what is often a manual, fragmented process and sets the foundation for more consistent decisioning.

Automate middle- and back-office workflows

Once a lease is originated—or purchased—the work of managing it begins. Billing, collections, asset servicing, and end-of-term decisions all carry operational and compliance risk when handled manually. Purpose-built equipment leasing software helps automate these middle- and back-office processes.

Automation supports consistency and scale, especially as portfolios grow. For originators, that means fewer manual touchpoints across servicing and asset management. Ideally, automated lease purchase decision software works in tandem with an institution’s existing loan software. For instance, Abrigo’s Lease Purchase Decisioning solution embeds underwriting workflows, templates, and credit analysis directly within the Sageworks platform. It helps institutions evaluate individual lease purchases efficiently, particularly those already using Sageworks.

Harness data and reporting for growth

Manual processes don’t just slow banks down, they obscure the big picture. Teams need real-time visibility and banking intelligence across the pipeline. Whether you’re tracking lease performance, analyzing asset values, or monitoring portfolio trends, modern reporting capabilities are essential.

With equipment leasing software, firms gain access to centralized data warehouses and dashboards that support strategic planning. This visibility becomes increasingly important as interest rates shift and competition increases.

Banks that purchase leases also benefit from consistent data capture during underwriting. Standardized inputs and outputs not only support compliance and audit readiness but also enhance the institution’s ability to analyze portfolio performance and allocate capital with confidence.

Stop relying on spreadsheets

Manual, disconnected systems aren’t built for scale. Whether your firm originates equipment leases or your bank is purchasing them as investments, equipment leasing software can reduce friction, improve consistency, and make your operation more nimble.

By digitizing the borrower experience, automating workflows, and leveraging your data, your organization can position itself for sustainable growth in the year ahead.

Find out how Abrigo reduces origination costs and lending inefficiencies.

Learn more
Webinar

Mastering the analysis of long-term credit

Read More
Webinar

Considerations in the analysis of short-term credit

Read More
Webinar

Building a data-driven lending strategy: Actionable steps for real results

Read More

New timelines for small business loan data collection and reporting

The Consumer Financial Protection Bureau (CFPB) 1071 rule was originally effective in 2023, but section 1071 compliance dates have been extended. The 1071 compliance dates are for collecting and reporting data on small business loan activities.

You might also like this one-page summary of key dates and deadlines for complying with the 1071 rule.1071 compliance deadlines

DOWNLOAD

Takeaway 1

The effective date of the CFPB's new rule based on Section 1071 of the Dodd-Frank Act was August, 29, 2023. But compliance dates and deadlines are tiered and start in 2026.

Takeaway 2

The reporting tiers and compliance deadlines for CFPB 1071 are based on the number of covered transactions a lender originated in 2022 and 2023, in 2023 and 2024, or in 2024 and 2025.

Takeaway 3

As modified by the CFPB in October 2025, the earliest deadline to begin collecting data is July 1,  2026. The earliest for reporting initial data is  June 1, 2027. 

This post was updated to reflect new compliance deadlines finalized by the CFPB on Oct. 2, 2025. 

Final rule

Effective dates & compliance dates for rule 1071

As they do with any new requirement, financial institutions want to know when the CFPB 1071 rule is effective and when they must begin collecting and reporting data on their small business lending activities.

The effective date of the Consumer Financial Protection Bureau’s (CFPB) new rule was August 29, 2023. However, compliance deadlines and related deadlines for reporting the data collected about small business loan applications are tiered. This staggering of compliance deadlines requires the small business lenders originating the most transactions to begin reporting data earlier than less active small business lenders.

In addition, court cases and changes to the rule have delayed compliance dates, in much the same way compliance with the current expected credit loss (CECL) model was delayed by several actions.

In the case of 1071, a Texas judge originally stayed compliance deadlines pending a Supreme Court ruling over the constitutionality of CFPB funding. Following the Supreme Court's decision in favor of the CFPB on that issue, however, the agency extended the 1071 rule’s compliance deadlines. The CFPB issued a final rule outlining the new 1071 compliance dates and filing deadlines as follows:

Compliance TierOriginal Date (2023 Final Rule)2024 Interim RuleNew Date (2025 Interim Rule)First Filing Deadline
Tier 1 (highest-volume)October 1, 2024July 18, 2025July 1, 2026June 1, 2027
Tier 2 (moderate-volume)April 1, 2025January 16, 2026January 1, 2027June 1, 2028
Tier 3 (smallest-volume)January 1, 2026October 18, 2026October 1, 2027June 1, 2028

Source: CFPB

How to stay ahead of compliance

Despite the seemingly long runway to prepare, it's not too early to get a handle on the new requirements and how they will affect a bank or credit union. With the changes, many financial institutions face the most significant data collection and reporting effort in nearly 50 years. Given this scope, lenders need to begin assessing now how and when they will comply.

Abrigo has helped hundreds of bank and credit union staff members learn more about 1071 and how to prepare for it. Webinars, podcasts, and whitepapers provide tips for capturing small business loan data, storing it, and reporting it to the CFPB to comply with the required timelines. In addition, Abrigo's small business loan origination software can automate 1071 data collection and reporting.

Below are details on important dates for 1071 compliance, which financial institutions must comply, and what the changes involve.

Which FIs must comply

What are the goals of 1071?

Before discussing 1071 compliance dates, it’s helpful to understand the rule’s goals and which financial institutions it affects.

The final rule implements section 1071 of the Dodd-Frank Act by amending the Equal Credit Opportunity Act (ECOA), or Regulation B (Reg B). The CFPB small business lending data collection regulations are being included as subpart B of Reg B and aim to support and enforce the fair lending requirements. CFPB intends the data collected by lenders on each small business credit application to shed light on potential disparate treatment in loan terms, especially related to minority-owned small business applicants, including women-owned small businesses. Reporting on the data is also expected to help identify small business owners’ needs and credit opportunities. A CFPB compliance aid lists 81 data fields for information lenders must collect and report.

Which lenders are counted as “covered financial institutions” in the 1071 rule?

The rule outlines that any company or organization engaged in lending activities is covered.

Each reporting tier and its associated deadline is determined by the number of covered transactions to small businesses that a lender originated in each of two years, whether it's 2022 and 2023, or 2023 and 2024, or 2024 and 2025. 

In fact, to be subject to the rule’s requirements at all  (i.e., be considered a “covered financial institution”), a company or organization must have originated at least 100 covered credit transactions in each of the two years it selects.

What is a covered transaction

The CFPB generally describes it as a request for any of the following:

  • Loans
  • Lines of credit
  • Credit cards
  • Merchant cash advances
  • Credit products used for agricultural purposes

Requests for additional credit on an existing loan are not counted as originations for the purpose of determining a covered financial institution.

Defining "application" for a covered transaction

For data collection and reporting, financial institutions must track applications they receive for covered transactions, as opposed to solely tracking originations. What is an application under the CFPB 1071 rule? It is an oral or written request for a covered credit transaction that is made following the procedures used by a financial institution for the type of credit requested. This means that lenders must track data not only related to approved and booked credit but also applications that are any of the following:

  • Withdrawn
  • Incomplete
  • Denied
  • Approved by the lender but not accepted by the applicant

A re-evaluation, extension, or renewal request on an existing business account is excluded from the definition of covered applications as long as the request seeks no additional credit. Inquiries and prequalification requests are also excluded.

How a lender defines an application as incomplete or withdrawn can vary from financial institution to institution, noted Abrigo Senior Advisor Paula King, CPA, who is already working with financial institutions to plan for and prepare 1071 reporting.

The CFPB “has left it up to financial institutions as to where you feel the cutoff is for an incomplete application” or a withdrawn application, she said. Regardless of how the bank or credit union defines these application resolutions, the lender should spell it out in the loan policy, King added. Loan policies should also clarify how a counteroffer by the lender will be treated.

 

Which credit transactions are excluded from 1071?

Several types of transactions are excluded from the CFPB’s requirements to report on applications. Among those considered excluded transactions:

  • Letters of credit
  • Trade credit (i.e., financing arrangements such as accounts receivable with a business providing goods or services)
  • Public utilities credit
  • Securities credit 
  • Incidental credit defined in Regulation B as exempt (e.g., not payable in more than four installments; not subject to finance charge)
  • Factoring 
  • Leases
  • Consumer-designated credit used for business/ag purposes, such as taking out a home equity line of credit or charging business expenses on their personal credit cards
  • Purchases of originated covered credit transactions 
  • Applications with potential HMDA and section 1071 overlap: CFPB does not require reporting under section 1071 (transactions would only be reportable under HMDA)

A final component of the rule that is useful in understanding the various deadlines for 1071 reporting is the CFPB’s description of what constitutes a small business. An applicant or borrower is considered a small business if it is a business (including agricultural) that had $5 million or less in gross annual revenue for its preceding fiscal year before applying.

Would you like to stay up to date on CFPB 1071 implementation?

This means that in addition to banks and credit unions, other lenders subject to the rule’s mandates are finance companies, online lenders, Community Development Financial Institutions (CDFIs), government lenders, and nonprofit lenders.

Three deadlines for tracking, reporting data

Tiers determined by transaction volume

The earliest reporters are those that have originated at least 2,500 small business loans. These financial institutions must begin data collection in July 2026 and continue through the end of the year, based on the CFPB's timeline. The data collected needs to be reported by June 1, 2027. For following years, lenders must collect data for the full year and report it by the following June 1. 

The second tier of deadlines covers financial institutions with at least 500 covered originations during the relevant two-year period. This group of small business lenders must begin collecting data on Jan. 1, 2027, and they must report data collected for the entire year by June 1, 2028.

The last group of lenders required to collect and report data on small business loan applications is financial institutions with at least 100 covered originations. These banks, credit unions, and other lenders have to begin collecting data on Oct. 1, 2027, and they are required to report the data by June 1, 2028. 

The CFPB produced an info sheet with more details and examples of how financial institutions collect data and comply with the small business lending rule. 

In this document, the bureau notes that if an institution determines it’s not required to comply with the rule initially, it must nevertheless determine in subsequent years whether it must, based on whether it originates at least 100 covered originations in each of the two calendar years immediately preceding the year in question. The document was written before the Supreme Court ruling that prompted the extension of the compliance dates for 1071, so it's likely to include outdated deadlines. 

Abrigo can help you navigate 1071 deadlines and compliance. In addition to our 1071 resource page for lenders, which has updated information to help prepare for the new requirements, Abrigo’s Loan Origination Software already has all required data fields in a borrower-facing collection form, access to pre-built reports, and the ability to export for CFPB reporting. Your financial institution can comply with 1071 while streamlining the origination process and ongoing customer management while working with a trusted partner of 2,400 institutions. Talk to a specialist to learn more.

CFPB small business data collection

Read practical tips for banks and credit unions to manage their 1071 rule data collection processes efficiently so they can stay ahead of deadlines and avoid compliance problems.  

You might also like this webinar, "Answering your top CFPB 1071 compliance questions."

WATCH

Takeaway 1

Under the CFPB small business data collection rule, any lender is required to collect and report demographic data during the application process.

Takeaway 2

The small business lending data regulations require data points covering details related to the credit transaction, the business’s attributes, and demographic data..

Takeaway 3

Reviewing existing data collection and assessing lending processes are among steps for banks and credit unions to organize the data collection process. 

This article was updated to reflect the Oct. 2, 2025, final rule published by the Consumer Financial Protection Bureau to extend the original deadlines to those set out in its June 18, 2025, interim final rule.

Banks and credit unions prepare

CFPB 1071 rule has significant requirements

The Consumer Financial Protection Bureau’s (CFPB) small business data collection rule, often referred to as the 1071 rule, is set to be the most significant effort of data collection and reporting for financial institutions in nearly 50 years. Banks and credit unions must prepare to meet the rule’s requirements by understanding what data must be collected, when it needs to be collected, and how to streamline the process to ensure compliance.  

This article describes the scope of the CFPB small business lending data regulations and offers practical tips for banks and credit unions to manage their data collection processes efficiently. Understanding the rule and preparing adequately will help your financial institution stay ahead of deadlines and avoid compliance problems.  

Rule covers all lenders

The scope of small business data collection

The CFPB’s small business data collection rule implements Section 1071 of the Dodd-Frank Act, which directs the bureau to collect certain demographic data from small business lenders. The primary goal of the federal rule is to facilitate fair lending enforcement and identify the credit needs of women- and minority-owned businesses.    

Under this rule, any entity engaged in lending activities is required to collect and report demographic data during the application process. This includes not just banks and credit unions but also finance companies, online lenders, Community Development Financial Institutions (CDFIs), government lenders and nonprofit lenders. The only lenders excluded from these requirements are those that originated fewer than 100 covered credit transactions in each of the two calendar years preceding their compliance date. Requests for additional credit tied to an existing loan do not count as originations when determining whether an institution is covered. 

The rule requires that lenders collect and report data for all small business credit applications from any business with $5 million or less in gross annual revenue its preceding fiscal year. Credit transactions covered by the rule include applications or requests for:  

  • Loans 
  • Lines of credit 
  • Credit cards 
  • Merchant cash advances 
  • Credit products used for agricultural purposes 
  • Refinancings where existing debt is satisfied and replaced by a new obligation for the same borrower  

Who must file when

Compliance deadlines for 1071 small business lending data regulations

Lender deadlines for 1071 compliance are initally determined by the volume of small business loans originated in each of the calendar years 2022 and 2023 or in 2023 and 2024 or in 2024 and 2025. Abrigo has a one-pager summarizing the 1071 data collection and reporting deadlines. Here’s a general overview of when different types of lenders must begin data collection, based upon their origination thresholds and the final rule published Oct. 2, 2025:  

  • Lenders that originate at least 2,500 small business loans in each of the years must start collecting data on covered applications by July 1, 2026. 
  • Lenders that originate at least 500 covered loans in each of the years must begin data collection by Jan. 1, 2027.  
  • Lenders that originate at least 100 small business loans in each of the years must collect application data starting Oct. 1, 2027. 

Stay up to date with CFPB small business lending data collection requirements.

To prepare for these deadlines, lenders may begin gathering the otherwise protected demographic information one year before their official collection deadline. This head start can help institutions ensure timely compliance and address any challenges in advance.  

20+ pieces of data

Key data points under 1071 small business lending data regulations

Banks, credit unions, and other creditors will need to collect more than 20 pieces of data for each application and report this data to the CFPB each year. The data points cover a wide range of details related to the credit transaction, the business’s attributes, and demographic data.  

Some of the key 1071 data points required include: 

  1. Application date and method (in person, telephone, online, mail) 
  2. Credit type, including the product type (term loan, line, credit card, etc.), guarantee type (personal, SBA, USDA, etc.), and loan term (in months) 
  3. Purpose of the credit (e.g., purchase, working capital, construction, etc.) 
  4. Amount applied for  
  5. Action taken on the application (originated, denied, withdrawn, etc.) and date of action 
  6. Amount approved or originated  
  7. Denial reasons (e.g., business characteristics, cash flow, collateral) 
  8. Pricing details (interest rate, origination charges, broker fees, initial annual charges, additional cost for merchant cash advances, and prepayment penalties) 
  9. Census tract number. This information should represent the address where loan proceeds will be applied, the address of the applicant’s headquarters or main office, or another address associated with the applicant 
  10. Gross annual revenue. Financial institutions may reuse previously collected gross annual revenue figures when the data was collected within the same calendar years as the covered application 
  11. NAICS code 
  12. Number of workers and time in business 
  13. Business ownership status (such as minority, women, LGBTQI+) 
  14. Number of principal owners and ethnicity, race, and sex/gender of principal owners 1-4. This data must be reported based only on information provided by the applicant (i.e., no reporting based on visual observation)  

Importantly, the CFPB mandates that lender data collection processes shouldn’t discourage applicants from providing their demographic information. Financial institutions will want to make data collection processes as easy as possible for applicants to encourage participation.  

The first filing dates for reporting the small business lending data under the final rule published Oct. 2, 2025, are as follows:

  • Highest volume lenders (Tier 1): June 1, 2027
  • Moderate volume lenders (Tier 2): June 1, 2028
  • Smallest volume lenders (Tier 3): June 1, 2028

Existing data and processes

Tips for organizing and streamlining data collection processes

Given the scope of effort needed to collect and report data by the CFPB deadlines, some financial institutions are already taking action. In fact, if you are a tier 1 lender and have to comply beginning July 1, 2026, we recommend beginning your testing now to give you at least nine months of testing.

For those who may feel overwhelmed by the tasks ahead, the following steps can help organize and streamline the data collection process: 

  1. Understand the rule and related requirements. Make sure others involved in lending are familiar with the 1071 small business lending data regulations and the specific requirements for CFPB small business data collection.  
  2. Review existing data collection practices. Identify what data is already being collected and where gaps exist. Some data may be available within the financial institution’s systems, while other data points will need to be obtained from applicants.  
  3. Assess current systems currently used for data collection and reporting. Determine whether these can be leveraged for 1071 data collection and whether new or updated systems are needed.  
  4. Assess the current lending process (i.e., how information is gathered). This assessment likely will require reviewing the institution’s credit culture if certain required data points are missing from the current application process.  

Technological solutions for efficient 1071 data collection 

Automation can play a critical role in streamlining CFPB small business data collection. Software solutions designed for data collection and analysis can help lenders focus on the borrowers and winning deals while ensuring compliance with the 1071 small business lending data regulations. These tools can also make it easier to review and submit the information to the CFPB efficiently. Abrigo’s product team worked with the CFPB throughout the rulemaking process and has built 1071 compliance into its loan origination platform and its small business loan origination software. 

While ease of data access is important, in general, if the institution doesn't employ the firewall exception, CFPB prohibits underwriters or any employee responsible for the disposition or “making a determination” on an application from accessing certain demographic data. Abrigo’s software integrates 1071 compliance features such as built-in firewalls and user permission controls to help maintain non-biased lending and compliant reporting.  

Streamline 1071 data collection. See how Abrigo can help.

Get a demo

Preparing for regulatory changes 

While organizing the data collection process is crucial, it’s also important for financial institutions to take broader steps to prepare for these regulatory changes. These include educating staff, revising policies and procedures, and considering more standardized pricing and fee structures to align with the 1071 small business lending data regulations.  

Department coordination

1071 Data risk management & compliance strategies

Preparing for regulatory changes 

While organizing the data collection process is crucial, it’s also important for financial institutions to take broader steps to prepare for these regulatory changes. These include educating staff, revising policies and procedures, and considering more standardized pricing and fee structures to align with the 1071 small business lending data regulations.  

Compliance with the 1071 small business lending data regulations will require coordination across multiple departments. To mitigate risks associated with non-compliance, financial institutions should: 

  • Create a formal project plan and timeline for compliance efforts. 
  • Plan for the training of all relevant staff involved in data collectors, reporting, and underwriting.  
  • Establish consistent lending processes to promote data accuracy and compliance.  
  • Consider the formality of the current borrower application process and identify any culture changes needed. 
  • Automate processes to reduce manual errors and speed processes.  
  • Develop internal controls, including those that validate and test the data collected. 
  • Track and report exceptions, particularly those related to pricing, fees, and loan structures. 

Some financial institutions will need to formalize their small business loan application process. Others may decide to balance small business relationship lending with a risk-based pricing model to mitigate unintended disparate treatment among lenders and branches. 

For institutions facing challenges or staff resource constraints, engaging experienced consultants can help. CFPB 1071 consultants can establish reporting and monitoring processes and recommend any needed policy changes.  

The CFPB’s 1071 small business lending data regulations represent a momentous change in how financial institutions must collect and report data. By understanding the requirements, preparing in advance, and leveraging technology, banks and credit unions can navigate the changes with compliance. Start planning now to make sure your institution is ready for a smooth data collection process under the 1071 rule. 

See how Abrigo's small business origination software and its 1071 readiness advisory engagement helps lenders meet the CFPB 1071 requirements

Learn more
Webinar

Smarter lending: Tactics to streamline small business loan operations

Read More
Whitepaper

Get ready to ramp up small business lending: Do this, not that

Read More
Whitepaper

Ahead of the curve: A banker’s podcast episode 1 – CFPB 1071 and CFPB 1033 update

Read More

Marijuana safe banking in 2025: Will rescheduling bring relief for financial institutions?

Financial institutions have monitored the progress of federal marijuana legislation for years, yet meaningful change has remained out of reach. While speculation around marijuana legislation continues to grow, financial institutions remain in the challenging position of navigating the gap between expanding state-level legalization and ongoing federal prohibition. This regulatory gray area presents heightened AML/CFT, reputational, and operational risk. With a decision on federal rescheduling expected soon, financial institutions are asking: Will it bring marijuana safe banking?

Rescheduling marijuana: Progress, but not a green light

In May 2024, after a review by the U.S. Department of Health and Human Services, the Drug Enforcement Agency issued a proposed rule that would reclassify marijuana from a Schedule I narcotic to Schedule III under the Controlled Substances Act (CSA). This historic shift would recognize its medical use and remove its classification alongside drugs like heroin and LSD.

In August 2025, the Trump administration confirmed reviewing the rescheduling proposal, with a final decision expected soon. President Trump acknowledged conflicting perspectives, stating, “I’ve heard great things having to do with medical [use]... and bad things having to do with just about everything else.”

But even if marijuana is rescheduled, it will remain federally regulated. For financial institutions, this means the 2014 FinCEN guidance remains in effect. Rescheduling may reduce stigma, but it does not equate to legalization and doesn’t resolve the core banking challenges.

 

What this means for financial institutions and their clients

The conflict between state legalization and federal prohibition puts banks and credit unions in a difficult position. Many serve communities with growing marijuana-related businesses (MRBs) that need access to basic financial services. Yet without federal protection, offering those services remains risky and complex.

The compliance burden is significant for institutions choosing to bank MRBs or exposed indirectly through ancillary clients, like landlords, vendors, or service providers. Enhanced due diligence and robust ongoing monitoring remain critical components of a sound marijuana safe banking program.

Clients, meanwhile, face limited access to financial services. The result is often increased reliance on cash, which raises fraud, theft, and money laundering risks. To stay compliant and prepared, institutions must take a risk-based approach that addresses marijuana exposure through policies, staffing, and controls tailored to current and emerging threats.

 

Has the SAFE Banking Act passed?

Amid these challenges, the Secure and Fair Enforcement (SAFE) Banking Act continues to generate attention and bipartisan support but remains stalled, primarily due to a packed Congressional schedule. Intended to give banks and credit unions safe harbor when serving state-legal MRBs, the Act has passed the U.S. House seven times but has never cleared the Senate.

With its most recent iteration, the SAFER Banking Act (S.2860) remains pending in the Senate. In July 2025, a majority of state attorneys general sent a letter to Congressional leaders in support of passing federal protections for banks that do business with marijuana companies. “We write today in support of the SAFER Banking Act of 2025,” the letter read. “It is increasingly critical to move cannabis commerce into the regulated banking system.”

What the Act would mean for financial institutions

The SAFE Banking Act does not legalize marijuana or remove it from Schedule I. However, it would change the operational risk landscape by protecting financial institutions that serve compliant MRBs from federal penalties, asset forfeiture, or loss of deposit insurance.

The Act would also support AML/CFT efforts by reducing cash-only business models and enabling better transaction monitoring. Senator Jeff Merkley (D-Oregon) described the issue clearly in his Senate Committee testimony: “There is nothing like a cash economy to facilitate money laundering.”

Cash-heavy operations are more vulnerable to violent crime and harder for law enforcement to monitor. Without auditable financial records, marijuana-related activity remains in the shadows. Allowing electronic transactions would enable institutions to detect suspicious patterns better, file more accurate SARs, and bring marijuana-related funds into the oversight of the financial system.

Marijuana safe banking today

Despite legalization in most states, the vast majority of MRBs still lack access to traditional financial services. FinCEN SAR data shows that only about 830 U.S. banks and credit unions currently serve this market.

This forces many MRBs to operate in cash, limiting their ability to secure loans, build credit, or expand. For financial institutions, even those not intentionally serving the marijuana industry, this gap increases the risk of unknowingly onboarding or servicing indirectly connected customers.

Supporters of the SAFE Banking Act emphasize that the issue isn’t just about access but also about public safety. The Act would not only help institutions manage risk but also enhance community safety by integrating more marijuana funds into transparent, monitored systems. It would also protect the ecosystem of businesses that support MRBs, like landlords, law firms, and payroll providers.

Staying on top of fraud is a full-time job. Let our Advisory Services team help when you need it.

Connect with an expert

A regulatory turning point

The Act remains a pivotal opportunity to bring federal alignment to a rapidly growing state-legal market. While past efforts have failed, increasing public support and the burden placed on financial institutions may eventually force action.

Still, banks and credit unions cannot afford to wait. Whether an institution chooses to serve MRBs or not, updating AML/CFT programs to reflect marijuana-related risks is a regulatory expectation—not a future suggestion. That includes documenting board-approved positions on MRBs in risk appetite statements.

Marijuana exposure

Even institutions not actively banking marijuana businesses may have exposure through third-party relationships. Property managers, security firms, consultants, and others may be closely tied to MRBs—making strong customer due diligence (CDD) and ongoing monitoring critical.

Recommended next steps:

  • Perform a staffing assessment to ensure your teams can meet marijuana-related compliance demands.
  • Update CDD and enhanced due diligence (EDD) processes to identify high-risk accounts.
  • Revisit your BSA/AML risk assessment to include scenarios related to rescheduling, legalization, and continued regulatory ambiguity.

Prepare for what’s next

Despite growing support, marijuana legislation remains uncertain. Financial institutions can’t afford to wait for clarity. Instead, they must take a proactive, risk-based approach to marijuana-related compliance today.

Whether your institution plans to bank MRBs, avoid them entirely, or prepare for future opportunities, strong internal controls, updated policies, and a mature AML/CFT program are essential. Regulators expect institutions to identify and mitigate marijuana-related risk—regardless of what happens on Capitol Hill.

The marijuana industry isn’t waiting for Congress to act, and neither should your institution. By planning and documenting your approach, you can stay compliant, protect your reputation, and remain ready for whatever comes next.

 

Find out how Abrigo Fraud Detection stops check fraud in its tracks.

fraud detection software
Webinar

Minimizing wire fraud risk: Strategies for faster payments and smarter defenses

Read More
Webinar

From exam room to boardroom: What regulators expect & boards need to know

Read More
Webinar

Under pressure: Mastering Financial Crime compliance in a changing landscape

Read More

Discounted cash flow or WARM for the allowance? 

Two commonly deployed approaches for the allowance for credit losses under CECL are the discounted cash flow model and the remaining life methodology, also called WARM. How do you know when to select which?

This article covers these key topics: 

CECL's flexibility is both a strength and a responsibility

Since its adoption in ASU 2016-13, the current expected credit loss (CECL) model has introduced a forward-looking approach to estimating credit losses. The guidance intentionally avoids prescriptive formulas, empowering financial institutions to choose from a variety of acceptable methodologies for calculating the allowance for credit losses:

Work with advisors who have helped hundreds of financial institutions implement and manage CECL.

Connect with an expert

However, with this flexibility comes the responsibility for financial institutions to align their chosen methodology with portfolio characteristics, data capabilities, and risk management practices.

Two of the most commonly deployed approaches to CECL are the discounted cash flow model and the remaining life methodology. This guide unpacks the strengths and challenges of both. It offers a practical decision framework to help community financial institutions make defensible, scalable choices as they select, or transition to, an approach that aligns with their unique situation and supports defensibility and operational efficiency.

 

What is the discounted cash flow method?

The DCF method estimates credit losses by projecting future contractual cash flows, applying assumptions for prepayments, defaults, and recoveries, and discounting those expected loan-level cash flows back to present value using the effective interest rate (EIR) as defined by the FASB.

 As ASC 326-20-30-4 says, “The allowance for credit losses shall reflect the difference between the amortized cost basis and the present value of expected cash flows.” 

How it works

The discounted cash flow methodology, in essence, uses contractual schedules adjusted for prepayments to estimate future balances by month. This is extraordinarily helpful when adhering to ASC 326-20-30-6, which instructs institutions to model “expected credit losses over the contractual term of the financial asset(s).”

ASC 326-20-30-6 also says “ An entity shall consider prepayments as a separate input in the method or prepayments may be embedded in the credit loss information.” Speaking from experience, it’s neither an easy nor fun task to defend changing expected lives due to changes in prepayment speeds in varying rate environments when prepayments are “embedded in the credit loss.”

This approach, whether discounted or undiscounted, offers the opportunity to eliminate a life assumption, which is the most difficult and material assumption to support in a remaining life model (described below).

In fact, in order to support the remaining life input, one must run cash flows adjusted for prepayments, which begs the question – why not just stop there? As an added opportunity, forward-looking amortization schedules, interest income, and periodic expected loss all provide a strong foundation from which to manage. After all, it is the language of banking.

Armed with this kind of output, estimating future balances is accurate, which can allow for production budgeting. Loan-level detail on interest income that considers the default probability is also helpful in its own right. Lastly, timing-specific loss estimates make backtesting, monitoring, and scenario analysis feasible.

When to use DCF for CECL

Financial institutions have a number of considerations when selecting a CECL methodology. If using the discounted cash flow model is a possibility, remember that the methodology is best suited for specific situations.

These include the following:

  • While the discounted cash flow method works for nearly all loan types, it’s best for loan portfolios with contractual obligations extending beyond a year.
  • When an institution wants to quantify the impact of an economic forecast
  • When an institution wants to quantify the impact of a prepayment speed input
  • When an institution has loan-level fair market value adjustments resulting from an acquisition or whole loan purchase
  • When an institution prefers loan-level modeling and/or loan-level auditability
  • When industry or peer data is necessary or helpful

Pros

Some advantages of calculating the allowance using the discounted cash flow methodology include that it:

  • Is highly flexible, granular, and precise
  • Accurately reflects timing of losses, recoveries, and prepayments
  • Natively integrates reasonable and supportable forecasts
  • Supports layering of external or peer-derived inputs where internal data is sparse

Cons

Banks and credit unions have found that some of the challenges tied to using DCF are that it:

  • Requires detailed loan-level data (e.g., cash flow schedules, EIR, risk ratings)
  • Involves a heavier computing power burden

What is the remaining life method?

The remaining life method estimates losses using historical annualized loss rates and then applies those losses to balances using some form of life-of-loan assumption. Adjustments for prepayment speed changes, current conditions, and reasonable and supportable forecasts are usually estimated and applied through qualitative overlays or adjusting a life-of-loan input.

When to use it

Some of the reasons a financial institution might select WARM for the allowance for credit losses include:

  • When an institution is seeking an expedient
  • Comfortable with qualitative factors for forecasting and prepayment changes
  • Limited access to loan-level data or modeling capacity
  • As a transitional methodology

Pros

The remaining life method has the following qualities that might cause a bank or credit union to choose this methodology:

  • Easy to implement and maintain
  • No need for extensive historical or loan-level data
  • Easily understandable and auditable
  • Widely used and regulator-accepted for community institutions

Cons

Some of the feedback we’ve gotten about why financial institutions might not want to select WARM includes:

  • Difficult to support in changing rate environments (prepayment speed changes)
  • Loss timing is not explicitly modeled
  • Limited flexibility for dynamic economic forecasts
  • Assumes flat distribution of risk across remaining life
  • May misstate risk for longer-duration or prepayment-sensitive assets

Choosing the right method: A practical decision framework

Making a choice of CECL methodology involves many factors. Below is a simplified framework to help guide your selection.

chart of DCF vs. WARM methods for CECL

Both methods are fully compliant with CECL, but DCF offers better alignment with forward-looking credit risk modeling. The remaining life method offers an alternative for institutions prioritizing ease of implementation over support and defensibility.

Documentation and validation best practices

Regardless of the method used, institutions should:

  • Document method selection rationale, tying it to portfolio characteristics
  • Clearly define all inputs, assumptions, and external data sources
  • Perform annual CECL model validations or revalidations whenever portfolios materially change
  • Monitor and backtest model performance
  • Retain version control for model updates and assumption changes
  • Align CECL methodology with internal ALM, stress testing, and strategic planning frameworks where possible

Aligning methodology with institutional maturity

There is no universally “right” method for CECL compliance—only the method best aligned with your institution’s size, systems, staffing, and risk complexity.

  • Start with WARM if you're prioritizing ease of implementation and are comfortable re-implementing later as you grow or experience changes in rates or economy.
  • Evolve toward DCF as your institution builds stronger data pipelines, economic forecasting capabilities, and strategic modeling needs.
  • DCF provides not only more refined allowance estimates but also enhanced insight into credit risk behavior. These can enable better pricing, strategy, and capital planning.

Abrigo has guided hundreds of financial institutions through CECL implementation, tailoring the process to their unique goals and operational realities. Whether adopting a simplified model like remaining life, or ready to unlock the full potential of loan-level DCF modeling, Abrigo's allowance solutions and CECL advisors can help you navigate every step—from methodology selection and model validation to reporting and examiner readiness.

Listen to an on-demand webinar about CECL model governance to be ready for your next audit.

Listen now
Webinar

Scaling credit risk oversight: Preparing loan review for enhanced prudential standards

Read More
Webinar

How to improve balance sheet strategy with integrated risk and financial management

Read More
Success Stories

Integro Bank turns to Abrigo Advisory to advance its CECL model

Read More

This article covers these key topics: 

Understanding the WARM method

Learn how the WARM method supports CECL compliance with step-by-step guidance, example calculations, and comparisons to other methodologies like SCALE and discounted cash flow models.

The WARM method, short for Weighted Average Remaining Maturity, is one approach to estimating credit losses under the current expected credit loss accounting standard (CECL).

The allowance for credit losses (ACL) is one of the most significant estimates in an institution’s financial statements and regulatory reports. Understanding the basics of WARM, how financial institutions implement it, and how the methodology compares to alternative allowance methodologies under CECL can guide more informed discussions.

Unlike models that calculate the allowance under CECL using loan-level data encompassing the entire life of the loan, the WARM methodology estimates lifetime credit losses without requiring such granular information. Instead, it leverages an institution’s top-down historical annual charge-off rates along with information about the remaining life of a loan pool. This is why WARM is also known as the remaining life method.

Since limited data has been one of the biggest challenges for institutions transitioning to CECL, WARM has been an attractive option to some financial institutions, especially after regulators recognized it as an acceptable CECL methodology.

Other reasons financial institutions consider using the WARM method include that it is forward-looking (similar to the discounted cash-flow method) and offers a transparent and repeatable process.

Abrigo has helped hundreds of institutions with CECL implementation and ongoing compliance.

Read their stories

How the WARM method estimates credit losses

Under CECL, an allowance must cover losses expected over the entire life of the loan. Previously, losses weren’t recognized until they were both probable and estimable. In other words, credit losses under CECL are calculated by assuming that all loans are originated with some measurable risk of default.

Estimating lifetime losses is difficult without the historical, life-of-loan or life-of-cycle data detailed at the loan level.  Data gaps may stem from operational issues (such as a small portfolio acquisition or a system conversion) or numerical limitations (such as a new line of business or a de novo institution without sufficient history).

The WARM calculation helps address the data gap by combining three key inputs:

  1. Average annual charge-off rate, typically derived from historical loan-level or portfolio-level losses, institution call report data or peer group data.
  2. Amortization-adjusted remaining life, reflecting expected paydowns or prepayments and curtailments. Remaining life is derived by calculating the average life of the segment using an attrition model or other methods.
  3. Qualitative adjustments, which account for factors not captured in the historical data that are quantitative in nature.

As FASB has explained, “The average annual charge-off rate is applied to the contractual term, further adjusted for estimated prepayments to determine the unadjusted historical charge-off rate for the remaining balance of the financial assets.” To comply with CECL’s requirement for adjustments to historical loss information for current conditions and a “reasonable and supportable forecast period,” the qualitative components are layered in.  

For example, in a widely cited interagency illustration, a $13.98 million loan pool with a 0.36% charge-off rate and a 2.52-year remaining life yields an unadjusted lifetime loss rate of 0.90%. Adding a 0.25% qualitative adjustment raises the final allowance for credit losses (ACL) to 1.15%, or $161,000.

The math for WARM is relatively simple, but examiners have cautioned that supporting these inputs and layering on qualitative factors to account for forward-looking information is important to establish CECL model credibility.

How to implement the WARM method

Step-by-step implementation process

Institutions implementing WARM typically follow this process:

  • Segment the loan portfolio by similar risk characteristics, such as type, term, and credit quality.
  • Determine remaining life using contractual terms adjusted for expected prepayments. One approach is to use a quarterly attrition analysis that tracks exit events and develops an annual percentage of how often loans exit the portfolio via payoffs, renewals, maturity, or charge-offs. Call Report data (yours or peer data) may also be used for this.
  • Calculate the historical loss rates at the pool level using available charge-off data, Call Report data, or peer data.
  • Apply forecast model to capture the forward-looking impact on the reserve. This can be done through an expedient method or through application or regression models.
  • Apply the WARM formula to generate the lifetime historical charge-off rate for the remaining balance of the financial assets.
  • Incorporate qualitative overlays to adjust for reasonable and supportable forecasts.

Banks are expected to reflect forward-looking risks, not just replicate historical patterns. That’s where adjusting credit loss estimates with so-called qualitative factors comes in.

Adjusting for qualitative factors (Q factors)

What are Q factors, and why do they matter?

Qualitative factors, or Q factors, are adjustments to credit loss estimates that help account for risks that quantitative models and historical loss data can’t fully capture. Q factor adjustments to the allowance developed with the remaining life method will ensure reserve levels reflect what’s expected in the future, based on reasonable and supportable forecasts, rather than capturing past performance alone.

Under CECL, these adjustments are especially important because institutions must incorporate a reasonable and supportable forecast period. In this context, the forecast period is a near-term horizon over which management can credibly link economic forecasts (such as unemployment, interest rates, or local market conditions) to expected credit performance.

However, CECL also requires institutions to address what happens after that forecast horizon. Since forward-looking forecasts cannot be projected indefinitely with reliability, the guidance requires a reversion period. The reversion period is the point at which loss rates transition back to long-term historical averages.

In practice, this means:

  • Reasonable and supportable forecast period: The near-term horizon (often 1–3 years) where economic forecasts are applied directly to adjust expected losses.
  • Reversion period: The time after which forecasts become unreliable, during which modeled loss rates revert to long-term historical loss experience, either immediately or gradually (e.g., linear reversion).

For WARM specifically, the average annual charge-off rate is extended across the pool’s remaining life, but it must be adjusted first, for near-term forecasts (via Q factors) and second, for how losses revert beyond that period.

For example, an institution may adjust loss rates upward for the first two years due to a projected economic slowdown but then revert to historical charge-off levels for the rest of the pool’s life.

Documenting how management determined both the forecast horizon and the reversion approach is essential. Examiners have emphasized that unsupported overlays or vague explanations of forecast and reversion assumptions are among the most common CECL exam findings.

Documenting qualitative overlays for examiners

According to recent Fed findings, another common CECL-related exam issues was unsupported Q factors. Some institutions either neglected to apply qualitative overlays or failed to document them adequately, despite experiencing known risk shifts, such as entering new markets or launching new loan types.

Even though the adjustments are labeled “qualitative,” they can and often do have a quantitative basis.

Examples of qualitative adjustments in WARM

Examples of well-supported Q factors that could be incorporated into the WARM method include:

  • Local unemployment rate changes
  • Loosened underwriting standards compared to historical periods
  • New or inherently riskier product types, such as commercial real estate lending expansions

One way to determine what economic factors may apply is to talk with internal credit and Treasury teams to identify which economic factors are already being used internally, for example, for stress testing. Regardless of which factors are selected, they need to be tied to measurable indicators, and financial institutions should document their rationale as part of overall model governance. They should also define when the institution will revisit the factors as part of sound model governance.

Model governance and documentation

CECL internal controls

Speaking of model governance, CECL auditors and experts have noted that recent exams and audits have focused on this important aspect of calculating the allowance. Good CECL model governance, regardless of whether the institution uses a more simplistic model like WARM or something else, should include documentation, validation, and back testing. Regulators have cited inadequate documentation as another common issue in CECL exams.

Governance best practices and examiner expectations

To meet examiner expectations regarding other aspects of model governance, institutions using WARM should also:

  • Maintain a clear allowance policy that aligns with CECL
  • Explain why WARM was chosen to calculate the allowance and where it applies
  • Detail the assumptions specific to using WARM, lookback periods, segmentation logic, and forecast policies
  • Review and update assumptions periodically

Sound governance, including documenting assumptions, is essential when using the remaining life methodology or other options for CECL calculations.

Save time estimating the allowance with a compliant model that scales to your level of complexity.

Allowance software

Comparing the WARM method to other CECL approaches

WARM method vs. SCALE

Both WARM and the Federal Reserve’s SCALE tool (Scaled CECL Allowance for Losses Estimator) are intended to help estimate the ACL for less complex entities or those with less complex financial asset pools. As a result, both methods appeal to community banks and credit unions. However, they serve different needs and have some important differences.

  • SCALE leverages peer data, which may ease data requirements for banks with limited internal loss history. The regulators and auditors still expect institutions to adjust for their own experience, which can be challenging and hard to support.
  • WARM can also use peer data, but it allows for greater use of internal data and portfolio-specific risk segmentation. It also offers more customization, which requires documentation.

Other considerations when it comes to comparing SCALE and the remaining life method:

  1. SCALE relies on proxy expected lifetime loss rates of peers, which are already adjusted for reasonable and supportable forecasts. Management should consider whether a qualitative adjustment should be applied to account for local economic conditions expected to perform better or worse than industry economic conditions.
  2. The peer data used for SCALE would typically be based on information from the previous reporting period. Management should consider the timing issue and determine the impact of any changes in business or economic conditions as between when proxy loss rates were calculated and the reporting date.
  3. Regulators have said the SCALE tool is not appropriate for institutions with assets greater than $1 billion that are required to submit data into Schedule RI-C since that would result in an institution both submitting data and using data derived from Schedule RI-C.

WARM vs. discounted cash flow and static pool models

WARM, discounted cash flow (DCF), and static pool methods all comply with CECL, but they vary greatly in data requirements, forecasting precision, and operational complexity.

  • Discounted cash flow models simulate individual loan cash flows using assumptions for prepayments, default timing, recovery rates, and discount rates. They provide high granularity and allow institutions to align economic forecasts with precise time periods, which can be a key advantage when forecasting near-term economic volatility or credit deterioration.
  • Static pool or cohort-based models track over time a defined group of loans originated during a given period, measuring cumulative loss behavior. Static pool methods conceptually align with CECL’s lifetime loss perspective, but they require longitudinal, loan-level data and robust cohort tracking practices.

By comparison, WARM estimates credit losses using historical loss averages applied across the remaining life of the pool. It does not account for the timing of losses and treats the portfolio as a single amortizing asset. As a result, WARM is easier to govern and document but sacrifices modeling precision.

Considerations for use cases of each model type

WARM may be best for institutions with relatively simple, amortizing portfolios and limited access to life-of-loan data, or for less complex portfolios/segments, new lines of business, or immaterial acquired portfolios. It may be appropriate for specific types of loan portfolios, such as segments without losses or segments lacking loan-level data because they are serviced by a third party. A credit card portfolio is an example.  

DCF and static pool models may be better suited for institutions with complex portfolios, short-term credit volatility, or regulatory pressure to align forecasts more tightly with exposure timing.

Trade-offs and limitations of the WARM method

As noted above, the WARM method is designed for clarity and feasibility. But that simplicity comes with trade-offs. Institutions using this approach should recognize its potential limitations and actively mitigate them through documentation and governance.

Challenges with data granularity and outliers

Because WARM is a top-down method relying on aggregated portfolio data, it lacks visibility into loan-level performance patterns. This can mask significant outliers or emerging risks within a pool. For smaller institutions or smaller segments, one or two charge-offs can skew the average charge-off rate, especially when loss histories are shallow or inconsistent.

Institutions should consider the statistical volatility of smaller pools and whether supplemental analysis or exclusion of outlier periods is needed to avoid distortions.

Situations where WARM may introduce oversimplification

WARM assumes straight-line balance reduction across the remaining life of the pool. While this simplifies exposure modeling, it often does not reflect actual amortization behavior. Products with balloon structures, revolving credit, or seasonal paydown patterns may not fit the straight-line assumption well.

Institutions using WARM should document how they determined remaining life and consider qualitative adjustments if actual repayment patterns materially diverge from the model assumption.

Balancing ease of use with accuracy

CECL requires incorporating reasonable and supportable forecasts, and WARM supports this through qualitative overlays and near-term forecast layering. However, because the method applies charge-off rates evenly over the remaining life, WARM lacks the ability to time forecasted risk precisely.

For example, if an institution anticipates elevated losses within the next 12–18 months due to deteriorating market conditions, the WARM method can’t easily front-load those losses. More granular methods like DCF or PD/LGD modeling are better suited to simulate time-based loss expectations.

When WARM may not be the best fit

The WARM method may not be appropriate for all loan types or portfolios. Institutions should reassess their methodology if they have:

  • Newly introduced or unseasoned loan products without reliable loss history
  • Complex structures (e.g., interest-only periods, variable-rate resets, or off-balance sheet exposures)
  • Significant concentration risk in high-volatility asset classes
  • Rapid growth into new markets with limited historical performance data

In these cases, WARM may oversimplify the credit risk profile, potentially leading to under- or over-reserving. If the institution cannot clearly tie the model assumptions to observed portfolio behavior, examiners may challenge the methodology’s adequacy.

Is WARM the right fit for your institution?

The WARM method remains a viable, widely accepted CECL methodology, especially for community institutions seeking a manageable and auditable approach. Still, institutions should ask:

  • Have we documented why WARM is appropriate for our portfolio?
  • Are we using recent, relevant historical loss data?
  • Have we applied and supported Q factors tied to observable risks?
  • Have we backtested the remaining life model to ensure results truly reflect the institution risk profile? Even though WARM is considered one of the more straightforward CECL methodologies, regulators expect every institution regardless of model complexity to validate and backtest their allowance methodology. This is not optional.
  • Do our policies reflect CECL’s expectations, not just our legacy allowance process?

If the answer to any of these is “no,” it may be time to revisit model inputs, documentation, or governance structure.

Practical tips for financial institutions

An automated CECL solution that supports WARM and other methodologies can help institutions remain compliant without unnecessary complexity. Moreover, it allows institutions to fine-tune the CECL process as the institution grows and changes and as best practices evolve.

Abrigo supports institutions using WARM and other methodologies through CECL software, CECL advisory services, and CECL allowance training programs. Abrigo’s allowance software contains an attrition calculator and examiner-ready documentation tools.

Revisiting CECL methodologies

CECL was one of the most significant changes to financial institution accounting in decades. 

For many financial institutions, the remaining life or WARM method offered a practical on-ramp to CECL. Now that community financial institutions have navigated their first year of compliance with CECL, some are revisiting their allowance methodologies. For those using WARM, reviewing model selection and assumptions regularly can demonstrate “ownership” and make for a smoother review by auditors and examiners.

 

This blog was developed with the assistance of ChatGPT, an AI large language model. It was reviewed and extensively revised by Abrigo's subject-matter expert for accuracy and additional insight.

Success Stories

Integro Bank turns to Abrigo Advisory to advance its CECL model

Read More
Webinar

CECL mastery series: From compliance to confidence

Read More
Webinar

Backtesting and ongoing monitoring: Making CECL models work over time

Read More

What is reputational risk: How it fits into business strategy

As banks and credit unions navigate evolving regulatory expectations, reputational risk remains important, especially for community financial institutions that prioritize strong, trusted relationships. While regulatory agencies have clarified they will not examine reputational risk in isolation, many institutions continue to consider it part of a broader, community-centric strategy. Understanding reputational risk and its impact can help financial institutions stay aligned with their mission, protect stakeholder trust, and make informed business decisions.

Regulatory guidance on reputational risk

In a recent shift in examination expectations, the three federal banking regulators—the Federal Reserve Board, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation—have confirmed that they will no longer consider reputational risk as a stand-alone factor during bank examinations. The National Credit Union Administration is being called upon by America’s Credit Unions to follow suit. The change is part of a broader effort to clarify expectations and reduce the likelihood of institutions feeling pressure to exit entire industries based solely on perceived reputational concerns.

This shift provides more certainty around how regulators approach client risk for banks and credit unions. However, it raises important questions about how financial institutions define and manage reputation within their risk frameworks, primarily when serving diverse or high-profile client groups. While regulators have stepped back, reputational considerations remain, especially regarding community trust and long-term strategy.

Need short-term fraud or AML staffing relief? Abrigo Advisory Services can help.

Connect with an expert

What is reputational risk and why it matters

Reputational risk is the potential for negative public perception to affect a financial institution's credibility, client trust, or financial performance. It often stems from how an institution is viewed by its community, clients, regulators, or media, and it may arise even when no compliance violations or operational failures have occurred.

Today, reputational risk can be influenced by various factors, including the types of clients an institution chooses to serve or decline, partnerships with third-party vendors, lending or investment decisions, or how it handles emerging social or political issues. Even lawful and risk-based decisions may draw public scrutiny if they appear inconsistent with the institution's stated values or community expectations.

These factors make reputational risk more dynamic than ever. For example, exiting a relationship with a high-profile business might be entirely appropriate from a risk management perspective. Still, without clear communication or documentation, the public can misinterpret the decision as unfair or discriminatory. Likewise, continuing to serve a controversial client segment may prompt questions from community members, advocacy groups, or employees.

New regulatory changes

The decision to remove reputational risk as a factor in formal bank examinations was mainly in response to concerns about derisking—when financial institutions end relationships with entire categories of clients or industries based on perceived reputational harm rather than individual risk assessments. In previous years, some banks chose to exit entire sectors, such as money services businesses, cannabis-related businesses, or international remittance providers, not because of direct regulatory violations, but because of uncertainty around supervisory expectations. This derisking trend created unintended consequences. Legitimate businesses, especially those serving underserved or international communities, were sometimes left without access to essential financial services. In response, regulatory agencies clarified that while banks can make risk-based decisions, supervisors would no longer use reputational risk alone as a basis for exam criticism. The goal is to promote financial inclusion while ensuring client decisions are grounded in individual risk, not generalized assumptions.

 

Reputational risk is connected to other areas of risk

Reputational risk rarely stands alone. In fact, it often overlaps with other key risk categories, which means it can surface in situations where it may not be immediately obvious. Understanding these connections helps financial institutions see the full picture before making decisions that could have lasting effects.

  • Strategic risk can rise when an institution chooses to enter or exit industries that are considered sensitive or controversial. Expanding into a new market segment may create growth opportunities, but it can also bring heightened public attention. Likewise, stepping away from a line of business for sound risk reasons may be interpreted by some as a value statement.
  • Compliance risk can occur when actions do not align with written policies or when those policies are applied inconsistently. Even if a decision is legal and defensible, failing to follow established processes can create reputational questions about fairness, transparency, or governance.
  • Credit risk can be complicated when the financial strength of a borrower becomes secondary to how the relationship is perceived. A strong-performing borrower in a controversial industry may pose minimal credit risk, but the reputational implications could still influence the institution’s decision-making.

For example, an institution might decide to end a relationship with a client whose lawful business activity does not align with the bank’s mission or community priorities. While the decision could be supported by credit analysis, operational considerations, or policy requirements, it may also reflect reputational concerns.

The key is to evaluate the full risk picture and anticipate how a decision will be perceived by customers, staff, and community stakeholders. By doing so, banks and credit unions can minimize surprises, ensure decisions are consistent with their stated values, and preserve the trust that often takes years to build.

 

Reputation as part of governance conversations

Even though examiners will no longer evaluate reputation as a stand-alone risk, institutions benefit from including it in board and leadership discussions. In fact, the regulatory agencies expect banks and credit unions to engage in sound risk management practices, operate in a safe and sound manner. For many community financial institutions, reputation remains an important aspect of risk management. Common governance examples of include:

  • Reviewing client onboarding and exit policies for reputational considerations: Customer acceptance and closure policies should account for reputational implications and be applied consistently. Clear criteria and documentation help staff explain decisions to customers, community members, or regulators.
  • Evaluating new products or services through a community impact lens: Before launching new offerings, consider how they will be received by the community and whether they align with the institution’s mission. This helps prevent missteps that could harm trust or brand perception.
  • Discussing high-profile vendor relationships that may attract stakeholder attention: Vendors with public visibility can influence how the institution is perceived. Leadership discussions should weigh the benefits against potential reputational costs and ensure there is a plan to address questions if they arise.

When reputation is discussed at the board or committee level, it helps ensure that the institution's decisions align with its stated values and risk appetite.

 

A simple framework for assessing reputational exposure

Adding structure to reputational risk management does not require new systems. Institutions can adapt existing tools to include questions such as:

  • Does the client or activity align with our institution's mission and values?
  • Could this relationship or decision attract public or media attention?
  • Have we documented how and why we reached a decision?
  • Would this decision be viewed as fair and consistent by clients and regulators?

These questions help bring consistency to decisions that often involve subjective judgment. They also help front-line and risk staff feel confident in their approach when handling complex or sensitive situations.

 

Prioritizing reputation

For many banks and credit unions, reputational risk is not just about regulatory expectations but about living out the values they promote within their communities. These institutions are not managing their reputation to meet a rule. They are doing it because they believe it is the right thing to do.

Local financial institutions often have deep relationships with their clients. Their reputations are built over years, sometimes decades. Once trust is lost, it is not easily regained. Institutions that include reputational considerations in their risk and business decisions are often better positioned to preserve that trust during times of change.

Reputational risk may no longer be central to regulatory examinations, but remains a valuable part of business strategy. Financial institutions that proactively consider reputation in their governance, client policies, and community engagement are taking steps to ensure long-term strength and stakeholder trust.

 

Powerful financial crime fighting

Get features and functionality you need from AML compliance software.

Transaction monitoring software
Webinar

Cryptocurrency compliance: Determining legitimacy in financial institutions

Read More
Webinar

Panel: Making fraud everyone’s fight

Read More
Webinar

Minimizing wire fraud risk: Strategies for faster payments and smarter defenses

Read More

Elder sextortion: The emotional and financial toll

Financial exploitation of older adults continues to evolve as fraudsters shift their tactics to digital platforms. According to the FBI's Internet Crime Complaint Center (IC3) 2024 data, more than 147,000 Americans aged 60 and older reported falling victim to online fraud, with total losses approaching $4.9 billion. This represents a 43 percent increase in reported losses compared to 2023.

Among these crimes, elder sextortion stands out as one of the most emotionally and financially damaging. Elder sextortion is a form of blackmail that combines romance scams, impersonation, and manipulation to target older adults online. A 2024 study published in Computers in Human Behavior estimated that one in seven adults globally has experienced someone threatening to share intimate images.

The FBI reports that extortion, including sextortion, among older adults increased by 134 percent year over year. These are not isolated incidents. They are part of a growing trend in digital crime affecting some of the most vulnerable members of our communities.

For community banks and credit unions, responding to this threat is not simply a matter of fraud detection. It is about protecting customers, preserving trust, and reinforcing the financial institution's role as a safe, trusted partner.

 

What is elder sextortion

Elder sextortion occurs when scammers deceive older adults into sharing explicit photos, videos, or engaging in private online interactions. The fraudster then uses that content, or the threat of having it, to extort money. In many cases, the scammer never actually possesses any images. Instead, they rely on fear, shame, and the victim's concern for their family, social circle, or religious community to force compliance.

These cons often begin as online romance scams. Fraudsters are patient and calculated, gradually building emotional trust before introducing explicit content or requests. The scammer starts making demands once the relationship feels real to the victim.

While financial loss is significant, the emotional toll can be devastating. Many victims do not report the crime due to embarrassment. The resulting shame may lead to social withdrawal, depression, or, in some cases, even premature death.

Download this checklist to spot red flags for elder financial exploitation

Get the checklist

How scammers target older adults

Criminals executing sextortion scams use sophisticated tactics that take advantage of the emotional, digital, and social vulnerabilities of older adults. These include:

  • Preying on loneliness or grief: Scammers identify recent widows or widowers by scanning online obituaries or public posts. They initiate contact under the guise of companionship.
  • Romance scams on digital platforms: Many scams begin on dating apps, social media, or text messaging. Initial messages may seem innocent or friendly, but quickly turn flirtatious.
  • The "wrong number" trick: A scammer pretends to text the wrong number. If the recipient responds, the conversation escalates into a manufactured romantic interest.
  • Fake profiles and video calls: Scammers use images of attractive individuals, often stolen or computer-generated, and may encourage victims to engage in private chats. Some use deepfake technology or screen recordings to fabricate compromising content.
  • Phishing links and malware: Clicking on suspicious links can give scammers access to the victim's device, camera, or personal files. Older adults with limited cybersecurity protections are particularly vulnerable.

These methods exploit both emotional trust and gaps in digital literacy. Increasingly, these scams are not random acts. Many are carried out by transnational organized crime groups that share victim information and target retirement communities or individuals identified through data breaches.

Find out how Abrigo Fraud Detection stops check fraud in its tracks.

Fraud detection software

 

When sextortion escalates

A recent case reported to the AARP Fraud Watch Network Helpline involved a 70-year-old man from Missouri. He was targeted through what he believed was a romantic relationship. After sending nude photos, he was quickly threatened with exposure unless he paid $2,500.

Soon after, another person contacted him, pretending to be a law enforcement officer. This impersonator accused him of criminal behavior related to the images and warned that his employer would be contacted if he did not send more money. The scammer knew where the man worked, intensifying the pressure.

This case demonstrates how sextortion can quickly evolve from emotional manipulation to impersonation and coercion. It also highlights the importance of financial institutions being prepared to spot signs of distress, especially when older customers make unusual transactions or appear anxious.

Protecting clients from fraud: Steps to stay safe

Fraud can happen to anyone, but the FBI advises there are practical steps financial institutions can coach their clients on to help protect them and their personal information:

  • Verify before trust: If a client is contacted by someone they do not know, they should take time to research the contact’s name, phone number, email address, or the offer they are presenting. A quick online search can often reveal warnings from others who may have been targeted by similar scams.
  • Avoid being rushed: Scammers often try to create urgency to pressure victims into making quick decisions. They may appeal to their emotions or promise financial gain or companionship. Advise clients to take a step back and give themselves time to evaluate the situation.
  • Never share sensitive information: Clients should never give out personal or financial information, including social security number, bank details, or wire instructions, unless they have verified the legitimacy of the request.
  • Take immediate action if an account is compromised: If your client suspects someone has gained access to their personal devices or financial information, they should notify their bank or credit union right away. Advise them about placing additional safeguards on their accounts and remind them to monitor their activity closely for unauthorized transactions.

How financial institutions can protect their customers from elder sextortion

Banks and credit unions serve as critical touchpoints for many older adults. When staff are trained to recognize potential fraud, they can help stop scams before more harm occurs. Proactive steps include:

  • Educate frontline employees: Tellers and customer service teams should be trained to spot red flags such as abrupt wire transfers, large cash withdrawals, or changes in financial behavior. Empower staff to ask respectful, nonjudgmental questions when something seems unusual.
  • Use fraud detection tools: Implement systems that monitor behavior outside a customer's typical transaction pattern. Real-time wire fraud monitoring combined with behavioral analytics helps stop fraud losses before they occur. Banks and credit unions should combine technology with transparent internal escalation processes.
  • Provide targeted client education: Offer ongoing education through brochures, in-branch events, webinars, or one-on-one consultations. Topics include safe online practices, how to identify scams, and how to respond to suspicious messages.
  • Partner with external agencies: Establish relationships with local law enforcement, elder protection agencies, and fraud reporting centers. Coordination can lead to faster, more effective responses when fraud is suspected.
  • Foster a safe, supportive environment: Many older adults fear being judged or losing independence if they disclose being scammed. Creating a culture of support and privacy encourages disclosure and early intervention.

Why action matters

As more older adults embrace digital communication, the threat of elder sextortion will continue to grow. Financial institutions are in a strong position to detect early warning signs and respond with compassion and professionalism.

Preventing financial loss is essential, but helping clients preserve their dignity, feel supported, and recover from emotional harm is just as important. Addressing elder sextortion goes beyond risk mitigation. It reflects the core mission of community financial institutions to serve and protect. With strong fraud detection tools, well-trained teams, and a commitment to client care, banks and credit unions can be a first line of defense against this increasingly personal exploitation.

 

Webinar

Minimizing wire fraud risk: Strategies for faster payments and smarter defenses

Read More
Webinar

From exam room to boardroom: What regulators expect & boards need to know

Read More
Webinar

Under pressure: Mastering Financial Crime compliance in a changing landscape

Read More