Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Lending & Credit Risk C&I Loans Commercial Lending Construction Lending CRE Lending Lending Regulation Member Business Lending Small Business Lending

How to prepare for the CFPB’s Section 1071 rule: Lender steps to start now

Paula S. King, CPA
July 10, 2024
Read Time: 0 min

What banks, credit unions, and other creditors need to know to collect and report 1071 data. 

Given the magnitude of the 1071 rule and the changes it will spur, small business lenders shouldn’t let the outlying deadlines lull them into inaction.

Bolster small business banking with these tips from peers

DOWNLOAD

Takeaway 1

The CFPB is requiring lenders with 100 or more small business loan originations to gather and report 22+ data points for each application.

Takeaway 2

Small business lenders must collect applicant/borrower attributes, so knowing what you can and cannot ask and having related policies and procedures will be essential.

Takeaway 3

Data collection and tracking are central to implementing the 1071 rule's technical aspects. A bigger challenge? Gearing up for more formal small business lending processes.

This post was substantially updated to incorporate details on the final 1071 rule and add advice for getting ready. 

CFPB 1071 rule

New requirements for small business lenders

The Consumer Financial Protection Board’s (CFPB) 1071 rule on small business lending data collection is the most extensive effort to gather loan application data in almost 50 years, and financial institutions and other small business lenders are already preparing.

The rule, which implements the Dodd-Frank Act Section 1071 requirements for the CFPB to collect lender data on small business loan applications, requires operational and, in some cases, cultural shifts. Even though July 18, 2025, is the earliest 1071 compliance deadline to affect lenders, some financial institutions have started taking steps so they can implement the rule on time.

Given the magnitude of the 1071 rule and the changes it will spur, small business lenders shouldn’t let the outlying deadlines lull them into inaction.

Begin to prepare for the rule's reporting obligations by accessing CFPB 1071 resources and following these seven steps:

2023 rule

1. Understand 1071 obligations.

Reading and understanding the rule may seem obvious, but studying this unique regulation is vital for compliance. The CFPB is requiring small business lenders to collect applicant/borrower attributes, so knowing what you can and cannot ask will be essential.

The 2023 rule is titled “Small Business Lending Data Collection under the Equal Credit Opportunity Act (Regulation B),” but it is often known as the CFPB’s 1071 rule.

The final rule requires financial institutions and others to compile, maintain, and submit to the CFPB-specific data points on small businesses’ applications for credit — not just originations. Its primary purposes are to:

  • Provide tracking of small business credits to enforce fair lending laws and
  • Allow communities, government entities, and creditors to identify business and community development needs of women-owned, minority-owned, and small businesses.

Most lenders haven’t experienced such a significant regulation requiring loan data collection and reporting since the Home Mortgage Disclosure Act (HMDA) requirements of 1975. In fact, the data collection requirements of the 1071 rule may surpass those of HMDA since community financial institutions have become more commercially focused in recent years.

Which creditors must comply with the CFPB’s 1071 regulation?

Generally, any financial institution that originated at least 100 “covered” credit transactions to small businesses in each of the two preceding calendar years must comply. The CFPB will allow institutions to use originations during either 2022 and 2023 or 2023 and 2024 to initially determine their status as a “covered institution.”

Included in the CFPB’s definition of financial institutions are:

  • Banks
  • Savings associations
  • Credit unions
  • Online lenders
  • Platform lenders
  • Community development financial institutions
  • Farm Credit System lenders
  • Lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies)
  • Commercial finance companies.

Once you’ve determined whether your financial institution is covered under the 1071 requirements, the next step in preparing for compliance is to analyze your small business loan portfolio.

Assess the impact

2. Analyze your small business loan portfolio early.

The CFPB’s definition of a small business for this regulation is one (including an agricultural enterprise) with $5 million or less in gross annual revenue for its preceding fiscal year before applying for a covered transaction. The CFPB plans to adjust the revenue threshold every five years after Jan. 1, 2025, to account for inflation.  In addition to the revenue threshold, the CFPB’s definition aligns with the SBA’s “small business concern” definition.

To determine whether they are a “covered institution,” financial institutions need to tally the number of small business loan originations in each of the two preceding calendar years. While originations are the measuring stick for compliance, the 1071 rule focuses on tracking and reporting applications of “covered transactions.”

Covered transactions include:

  • Loans
  • Lines of credit
  • Credit cards
  • Merchant cash advances
  • Credit products used for agricultural purposes.

Transactions reportable under HMDA, trade credit, and a few other types of credit are excluded.

If able, produce a report of small business loans fitting the revenue size above. This exercise should provide insight into the impact that the 1071 rule will have on your institution. It will also help clarify the 1071 compliance deadlines for your bank or credit union.

 

Stay up to date on small business lending regulation and other lending trends.

Compliance preparation

3. Write 1071 policies and procedures.

Lenders’ policies should include the following components:

  • Background and governance
  • Roles and responsibilities
  • Description of the 1071 rule’s impact on the loan portfolio (from the analysis above)
  • General process of gathering, tracking, monitoring, and reporting pertinent information to comply
  • Process internal controls
  • Reporting and conclusions on compliance
  • Educational expectations for current and new staff
  • Data collection
  • Recording of data
  • Monitoring and interpreting the data
  • Staff training

Procedures should represent more detailed instructions for performing tasks associated with the rule to achieve compliance.

Set up systems

4. Develop a data collection plan.

Preparing for 1071 compliance means determining how to collect the required data on all small business credit applications. Required data involves two significant data sets:

  • Data points that are or could be collected from the applicant
  • Data points based on information within the financial institution’s control

The 22+ data points that financial institutions must collect from all small business applicants relate to three major categories of information. Financial institutions will collect information about the following:

  • Credit (such as the applicant/borrower loan number, type, purpose, pricing details, and, for denied applications, the denial reason).
  • Business attributes (such as business description, gross annual revenue, census tract, NAICS code, and owner and worker counts).
  • Demographics of small business applicants (This protected demographic information includes the ethnicity, race, and sex of principal owners and whether it is a minority- or women-owned business).

The rule also requires a “firewall” to restrict access to certain data. It prohibits underwriters or any officer or employee responsible for application dispositions from accessing an applicant’s responses on ethnicity, race, sex, and status as a minority- or women-owned business. CFPB’s 1071 rule contains an opt-out provision for the firewall. Still, the financial institution opting out must disclose in a notice and up-front that they are not utilizing a firewall and that those employees making loan application decisions may view the applicant’s demographic data.

Abrigo recommends including detailed procedures for lenders and other staff collecting this data. You may need to update internal checklists or applications to ensure a centralized, standard place to record information.

The 1071 rule requires that institutions collect data on a calendar-year basis and report their data to the bureau by June 1 of the following year. CFPB will make the data available to the public annually.

Being collecting data

5. Track 1071 data on a rule-compliant system.

While relationship lending will always be a part of providing small businesses credit, the rule will all but force financial institutions to eliminate the more manual small business application process. Automation will be the key to effectively tracking 22+ data points on each application, and risk-based loan pricing may be necessary to avoid actual or perceived disparate treatment in pricing and terms.

. Determine whether your core provider has or is considering automating the process as data is entered directly into their system. Additionally, if you are on a loan origination platform, your provider should provide data reporting and monitoring to track your compliant applications, so check with your provider in advance.

Abrigo’s commercial loan software and its small business loan origination system have 1071 compliance functionality to support financial institutions. The company closely tracks the development of the CFPB’s 1071 requirements, and its product and compliance experts attend all relevant webinars and calls with the CFPB.

If your institution doesn’t automate 1071 rule data collection, make sure to have primary and backup staff to maintain any Excel spreadsheets and an independent reviewer to perform a periodic spot-check of the data.

1071 reports and monitoring

6. Set up an audit system for small business lending.

Developing analytical reports and periodically monitoring small business lending is essential for compliance. These efforts can also identify areas of concern, mitigation, and reporting. Consider taking a quarterly compliance scorecard approach that identifies loan pricing exceptions and sets baseline performance indicators.

Remember that the primary reasons for the small business lending rule are to ensure that banks and credit unions address the needs of minority small businesses and confirm that institutions price and set other loan terms without discriminating against them. In other words, this is fair lending for business applicants.

Cultural changes

7. Plan for other considerations.

As financial institutions work toward CFPB 1071 rule compliance, training staff on the rule’s technical aspects will be critical. A bigger challenge will be gearing up for a much more formal small business lending process than ever before. This will require a cultural change for lenders who have been used to a less formal and relationship-oriented process.

Important considerations include whether to:

  • Standardize small business lending loan originations, pricing, and fee structures.
  • Develop an objective small business loan pricing model to mitigate unintentional disparate treatment in interest rate, fee, and pricing structure that could result from lender subjectivity. Loan pricing software can automate risk-based pricing.
  • Automate the reporting of small business loan pricing exceptions to policy to be proactive in making future adjustments.

Many financial institutions already face staff bandwidth issues and can ill afford interruptions in staff’s daily job requirements. A third-party provider can make compliance easier. Abrigo consultants are ready to help financial institutions with 1071 implementation and can:

  • Educate the board and staff and clarify data-collection rule components
  • Assess the current state of data and small business processes and recommend best practices for compliance.
  • Help develop compliant policies and procedures for the 1071 rule.
  • Assist with establishing processes for entering, tracking, monitoring, and reporting the necessary information for 1071.
  • Perform a loan portfolio analysis to identify loan pricing exceptions and set baselines for performance indicators.
  • Assist with creating or adapting current collection and loan pricing systems

Finally, look for 1071 lender resources to help your financial institution prepare for the 1071 rule requirements. Webinars, guides, and other information will help you avoid letting the deadlines sneak up on the institution.

Conclusion

The CFPB’s new rules related to the Dodd-Frank Act may require operational and perhaps cultural changes related to how new applications are developed. Like the migration to the current expected credit loss model (CECL), the 1071 rule changes will impact multiple areas across financial institutions. Getting started on compliance sooner rather than later will provide the most access to resources and planning assistance.

Download a chart of CFPB 1071 rule deadlines and effective dates for reporting

Download Keep me informed
Blog
C&I Loans Commercial Lending Construction Lending CRE Lending Lending & Credit Risk Lending Regulation Member Business Lending Small Business Lending

How to prepare for the CFPB’s Section 1071 rule: Lender steps to start now

Learn More
Blog
C&I Loans Commercial Lending Construction Lending CRE Lending Lending & Credit Risk Lending Regulation Loan Origination System Member Business Lending Small Business Lending

The CFPB 1071 effective date and updated loan data deadlines

Learn More
Blog
Credit Analysis Training Credit Risk Management Credit Risk Regulation Global Cash Flow Lending & Credit Risk Lending Regulation Loan Review and Due Diligence Risk Ratings

Credit administration department housekeeping: Practical steps for improvement

Learn More
About the Author

Paula S. King, CPA

Senior Consultant
Paula King, CPA, is Senior Consultant for Abrigo Advisory Services, assisting financial institutions with CECL, credit processes, model validations, and during COVID, the SBA’s Paycheck Protection Program forgiveness process. A former banker and bank co-founder, she has held executive positions (CFO, Chief Risk Officer and Chief Compliance Officer) and has

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.