Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

FAQs: CFPB small business data collection info for lenders

Mary Ellen Biery
March 30, 2023
Read Time: 0 min

What to know about the CFPB 1071 rule affecting small business loans

This post provides answers to some frequently asked questions about data requirements and other changes in the final rule released March 30, 2023.

You  might also like this on-demand webinar on the new CFPB small business data collection rule


Data collection requirements

Concerns and questions about the CFPB 1071 rule

According to a recent survey, financial institution executives’ top regulatory compliance concern is the final rule from the Consumer Financial Protection Bureau (CFPB) on data collection for small business loan applications. The regulation, finalized and issued March 30, outranked BSA/AML rules, beneficial ownership requirements, and current expected credit loss (CECL) obligations.

This post provides answers to some of the frequently asked questions (FAQs) about what types of data financial institutions will have to collect from small business loan applications, as well as details to help banks and credit unions prepare for the CFPB rule to take effect.

Abrigo has been closely tracking the development of the CFPB’s requirements to collect and report small business loan data, and its product and compliance experts attend all relevant webinars and calls with the CFPB. Abrigo will add functionality to our commercial loan origination system to support upcoming compliance requirements once the final decisions have been made on the CFPB side.

In addition, Abrigo has and will continue to update resources to help banks and credit unions understand and prepare for what is expected to represent the most significant effort of small business lending data collection and reporting for financial institutions in nearly 50 years. A CFPB 1071 resource page for lenders, content, and educational webinars will walk lenders through requirements and preparations. Abrigo consultants are also available to work with financial institutions to ensure the smooth adoption of the requirements.

In the meantime, here are some answers to common questions about the CFPB’s upcoming requirements, as laid out in the final rule

Visit CFPB 1071 resources for lenders for more on data collection requirements for small business lending. 

The "what," "who" and "why"

Answers about the 1071 data collection rule

What is the CFPB's Section 1071 rule?

While officially titled “Small Business Lending Data Collection Under the Equal Credit Opportunity Act (Regulation B),” the rule prompting lenders’ consternation implements Section 1071 of the Dodd-Frank Act. Section 1071 amended Reg B. It requires financial institutions and others to compile, maintain, and submit to the CFPB data points on applications for credit for small businesses, including women-owned and minority-owned small enterprises.

What’s the purpose of reporting new information about small business loan applications?

The primary purpose of reporting the information is to:

  • Provide tracking of small business credits to enforce fair lending laws and
  • Enable creditors to identify and support the business needs of small businesses owned by women and other minorities within the community.

Who must collect small business loan application data under CFPB's rule?

Covered financial institutions defined in the rule are “any partnership, company, corporation, association, trust, estate, cooperative organization or other entity that engages in financial activity.” A variety of entities that engage in small business lending are covered, including depository institutions, online lenders, platform lenders, CDFIs, lenders involved in equipment and vehicle financing (both captive financing and independent financing companies), commercial finance companies, government lending entities, and nonprofit non-depository lenders.  

According to the final rule, any entities that have originated at least 100 “covered credit transactions” for small businesses in each of the previous two calendar years fall under the rule’s requirements.  

$5 million threshold

Defining "small business" under the rule

What will the CFPB consider a small business under the CFPB data collection rule?

The CFPB has defined small businesses as those with $5 million or less in gross annual revenue the preceding fiscal year.

What is a “covered" credit transaction?

Loans, lines of credit, credit cards, and merchant cash advances (MCAs) are the types of credit transactions that new data collection requirements cover. MCAs include transactions for agricultural purposes and those that are HMDA-reportable transactions. The rule defines a “covered credit transaction” as one that meets the definition of business credit under existing Regulation B, with certain exceptions. 

Which credit transactions are excluded from data collection requirements?

The types of transactions excluded from the rule are trade credit, public utilities credit, securities credit, and incidental credit. Factoring, leases, consumer-designated credit used for business or agricultural purposes, credit secured by certain investment properties, transactions that are reportable under the Home Mortgage Disclosure Act of 1975 (HMDA), and insurance premium financing. are also excluded transactions, according to the final rule. 

What triggers the CFPB's requirement to report business loan data?

A “covered application”—which triggers data collection, reporting, and related requirements when submitted by a small business—is an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested. The rule says this definition of covered application is largely consistent with the existing Regulation B definition of that term. However, covered applications for purposes of this rule do not include (1) reevaluation, extension, or renewal requests on existing business credit accounts, unless the request seeks additional credit amounts; or (2) inquiries and requalification requests.

What data must be collected under the 1071 rule?

For each small business application for credit covered by the rule, more than 20 data points will be required to be collected. As a result, the CFPB’s final rule substantially increases small business lending data collection and reporting requirements for some financial institutions. Just a few of the data points for each application are:

  • the purpose of the credit
  • action taken
  • denial reasons
  • Census tract
  • number of workers
  • ethnicity of principal owners

What’s the deadline for institutions to comply with the CFPB 1071 requirements?

The final rule requires the largest lenders to collect and report data earlier than smaller lenders. Specifically, lenders that originate at least 2,500 small business loans annually must collect data starting Oct. 1, 2024. Lenders that originate at least 500 loans annually must collect data starting April 1, 2025. Lenders that originate at least 100 loans annually must collect data starting Jan. 1, 2026.  

How often must lenders report small business loan data to the CFPB?

Data for the 1071 rule must be collected on a calendar year basis and reported to the CFPB before June 1 of the following year.

How should lenders prepare for CFPB 1071 compliance?

Paula King, Senior Advisor with Abrigo Advisory Services, recently provided a CFPB 1071 rule checklist to help financial institutions understand the requirements. It also includes actions financial institutions can take to prepare for and successfully comply with the final 1071 rule.

What help is available for complying with the requirements to collect small business loan application data?

In addition to automation, which is vital for efficiently using staff and reducing errors, financial institutions should consider whether a third-party resource, such as dedicated risk management consultants or advisors, would benefit them. Consultants can alleviate staff bandwidth issues and help to create or adapt current collection and loan pricing systems.

The CFPB has numerous detailed instructions for complying with the data collection rule related to small business credit applications. Find links to the bureau's resources and additional help aids on this site with CFPB section 1071 resources for lenders. The page has free training webinar information, preparation checklists, and additional aids for financial institutions providing small business loans.

Stay up to date on the CFPB 1071 data collection rule and other lending compliance topics.

About the Author

Mary Ellen Biery

Senior Strategist & Content Manager
Mary Ellen Biery is Senior Strategist & Content Manager at Abrigo, where she works with advisors and other experts to develop whitepapers, original research, and other resources that help financial institutions drive growth and manage risk. A former equities reporter for Dow Jones Newswires whose work has been published in

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.