How to prepare for the CFPB’s Section 1071 rule
What institutions need to know about Section 1071 rule as we get closer to its final rule
Banks, credit unions, and other creditors may be required to collect more data for each application under the new Section 1071 rule.
Check out additional resources on this CFPB 1071 page just for lenders
Prepare for 1071 data collection
Financial institutions, fintech companies, and other small business lenders will need to begin collecting a wide array of small business lending data under the Consumer Financial Protection Board’s (CFPB) proposed small business lending data collection rule. The CFPB plans to issue a final rule implementing Section 1071 small-business reporting requirements by the end of March 2023, according to a court filing.
The proposed rule, unveiled Sept. 1, requires entities that have originated at least 25 “covered credit transactions” for small businesses in the previous two calendar years to collect loan data. The small business data collection is intended to help the CFPB enforce fair lending laws and could also be used by the government and small business lenders to identify the needs of businesses, said Michelle Lucci, Abrigo Regulatory Compliance Manager.
Lucci said the entities required to collect more data will include more than just banks and credit unions. Online lenders, platform lenders, and fintechs should also consider the ways their operations might be affected.
Once the rule is final, lenders would have 18 months to comply. In the meantime, savvy software providers are preparing to help financial institutions meet the new requirements.
Abrigo has been closely tracking the development of the CFPB’s 1071 requirements to collect and report small business loan data, and its product and compliance experts attend all relevant webinars and calls with the CFPB. Abrigo will add functionality to our commercial loan origination system to support upcoming compliance requirements once the final decisions have been made on the CFPB side.
A decade in the making
A brief history of Section 1071
In 2010, Congress enacted the Dodd-Frank Act “[t]o promote the financial stability of the United States by improving accountability and transparency in the financial system.” Section 1071 of Dodd-Frank amended the Equal Credit Opportunity Act to require financial institutions to compile, maintain, and submit to the CFPB data on credit applications for credit for women-owned, minority-owned, and small businesses, including but not limited to the type and purpose of the loan; census tract for the applicant’s principal place of business; and race, sex, and ethnicity of the principal owners of the business.
From a statutory perspective, Section 1071’s purposes are two-fold:
(1) To facilitate enforcement of fair lending laws.
(2) To enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.
In 2011, the CFPB interpreted Section 1071 to mean that obligations for financial institutions to collect, maintain, and submit data “do not arise until the [CFPB] issues implementing regulations and those regulations take effect.”
So back in 2011, we understood the next logical step. Those implementing regulations were coming.
They just weren’t coming very soon. In fact, it took a lawsuit initiated by a California community group in 2019 to get things moving. California Reinvestment Coalition v. CFPB alleged that the CFPB unlawfully withheld and unreasonably delayed agency action by failing to implement Section 1071. In February 2020, a settlement was reached, and by September 2021 the CFPB had issued the NPRM.
Points of note
Data collection requirements
The NPRM provides instructions for collecting and reporting data points, a sample data collection form, and some new definitions. Notably, collected data and institution information will be made publicly available on an annual basis on the CFPB’s website.
Section 1071 specifies thirteen specific data points that financial institutions are required to collect and report, and it also provides authority for the CFPB to require any additional data that it determines would aid in fulfilling section 1071’s statutory purposes.
Covered financial institutions will be required to collect applicant-provided data in a manner “reasonably designed to obtain a response.” They may rely on statements made by an applicant for most data points, but they should generally report verified information and—again generally—they may reuse certain previously collected data to streamline data collection.
The mandatory 13 data points in the CFPB 1071 proposed rule are listed below. If an institution is already subject to the Home Mortgage Disclosure Act (HMDA) or the Community Reinvestment Act (CRA), then they likely have good practices in place for collecting this information. If they don’t? There are many questions to be answered—the process of collecting this data is as impactful as the data itself.
Section 1071 also authorizes the CFPB to require discretionary data points that would “advance the purposes of the statute,” and this is where some financial institutions are expressing concern. Those discretionary data points include the following, based on the proposed CFPB small business data collection rule:
- Time in business
- NAICS Code (business industry classification)
- Number of employees
- Application method (e.g., in-person, phone, mail, online)
- Application recipient (e.g., direct or through a third party)
- Reasons for denial (providing nine specific reasons and a text box for any other reason)
- Number of principal owners
Because this data will be made public, there are concerns that some of this discretionary data may help an institution’s competitors glean insights into its lending practices or create privacy concerns for applicants. There are also questions about how this data might be collected. If applicants do not elect to provide it or do not provide truthful responses, then institution staff may need to collect it based on unreliable observance standards.
Stay up to date on small business lending regulation and other lending trends.
The firewall requirement
Based on industry comments, there is concern regarding the firewall provision in Section 1071 that requires financial institutions to prevent 1071 demographic information from being shared with underwriters or other employees unless it is not feasible to limit an employee’s access. If the institution believes a person should have access to an applicant’s demographic information, the institution must provide a notice to each applicant whose information could be accessed similar to the following:
Employees and officers making determinations concerning an application, such as loan officers and underwriters, may have access to the information on this form.
This requirement may be burdensome for institutions that either don’t have the IT staff to set up the digital infrastructure for such a firewall or don’t have the resources to secure a third-party solution. Some are worried about the potential for a no-win situation in this provision. If institutions can’t create the firewall and have to provide the above data collection notice, then they may lose the business of borrowers with privacy concerns.
On the Horizon
Signs of impending change
After years of stalled momentum, all signs indicate that CFPB 1071 is on track for a final rule soon. Larger financial institutions and those subject to HMDA and CRA data collection requirements are positioned to more easily absorb the compliance burdens that come with 1071 data collection and data restriction. Industry stakeholders have commented that public disclosure of business loan terms may create competition concerns, and they’re looking for more forgiving exemptions and threshold tests for applicability.
Many community banks and credit unions have typically been exempted from this data collection in the past. They should be vocal now with their LOS providers to ensure that they have a system of record to collect, store, and report the data necessary to comply with Section 1071. There will be providers who are better positioned than others to provide support for these changes, and institutions should not assume that their partner is already prepared to adapt to the biggest change to affect commercial lending in years.
Financial institutions also need to be working on Section 1071 preparations for their business and operational impacts. It isn’t just a compliance program problem or a data management problem. The C-suite needs to take an active leadership role in supporting and influencing the organizational changes that will allow them to succeed in the commercial lending space when Section 1071’s final rule is implemented.