Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

IFSLeaseWorks is now part of Abrigo.

Diversify your portfolio and earn additional interest income. End-to-end lease origination and administration automation make it possible.

Read the press announcement

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

Lending & Credit Risk C&I Loans Commercial Lending Construction Lending CRE Lending Lending Regulation Member Business Lending Small Business Lending

1071 Data collection: Tips & tricks

Bailey Barretto, PMP
Mary Ellen Biery
June 17, 2026
0 min read

CFPB small business data collection under 2026 rule 

Read practical tips for banks and credit unions to manage their 1071 rule data collection processes efficiently so they can stay ahead of deadlines and avoid compliance problems.  

This article covers these key topics: 

This article was updated to reflect the May 1, 2026, final rule published by the Consumer Financial Protection Bureau. The new rule revamped small business data collection requirements for lenders.

Data collection under CFPB's new 1071 deadlines

The Consumer Financial Protection Bureau’s (CFPB) small business data collection rule, often referred to as the 1071 rule, is set to be the most significant effort of data collection and reporting for financial institutions in nearly 50 years. Banks and credit unions must prepare to meet the rule’s requirements by understanding what data must be collected, when it needs to be collected, and how to streamline the process to ensure compliance.  

This article describes the scope of the CFPB small business lending data regulations and offers practical tips for banks and credit unions to manage their data collection processes efficiently. Understanding the CFPB rule issued May 1, 2026, and preparing adequately will help your financial institution stay ahead of deadlines and avoid compliance problems.  

Access more small business loan data requirements resources and guidance

1071 resources for lenders

The scope of small business data collection

The CFPB’s small business data collection rule implements Section 1071 of the Dodd-Frank Act, which directs the bureau to collect certain demographic data from small business lenders. The primary goal of the federal rule is to facilitate fair lending enforcement and identify the credit needs of women- and minority-owned businesses.   

Which types of credit are considered “small business loans” under 1071?

The rule requires that lenders collect and report data for all small business credit applications from any business with $1 million or less in gross annual revenue in its preceding fiscal year. Credit transactions covered by the rule include applications or requests for:

  • Term loans (secured or unsecured)
  • Lines of credit (secured or unsecured)
  • Credit cards (private-label and not private-label)

Agricultural loans are excluded from the rule’s definition of credit types. In addition to merchant cash advances, loans of $1,000 or less are also excluded from the types of credits lenders must track under 1071. Requests for additional credit tied to an existing loan and transactions that extend, renew, or amend an existing credit do not count as originations when determining whether an institution is covered. However, requests for additional credit amounts on an existing account are considered covered applications that must be tracked.

One important distinction is that financial institutions qualify as covered institutions based on the total covered credit transactions for small businesses, rather than on the covered applications received from them. In the example provided by the CFPB, that means that if in both 2028 and 2029, Financial Institution B received 1,100 covered applications from small businesses and originated 900 covered credit transactions for small businesses, then for 2029, Financial Institution B is not a covered financial institution.

Which lenders must collect 1071 data

Under this rule, covered financial institutions that originated at least 1,000 covered credit transactions for small businesses in each of the two preceding calendar years must collect and report demographic data on applicants for certain small business credit. Lenders that must comply include not only banks, credit unions, and savings associations, but also:

  • online lenders
  • platform lenders
  • community development financial institutions
  • lenders involved in equipment and vehicle financing (captive financing companies and independent financing companies)
  • commercial finance companies
  • government lenders
  • nonprofit lenders

Excluded are Farm Credit System lenders and motor vehicle dealers. Merchant cash advances are excluded from covered transactions, so those providers are no longer required to collect data. Other types of excluded transactions are described below.

Compliance deadlines for 1071 small business lending data regulations

The final 1071 rule is effective on June 30, 2026. Covered financial institutions have a 1071 compliance date of Jan. 1, 2028. The first reporting deadline for getting data to the CFPB is June 1, 2029. Lenders will want to use the time before 2028 to assess their coverage status, update workflows, prepare controls for data collection, and monitor implementation updates from the CFPB.

To prepare for the deadlines, lenders may begin gathering the otherwise protected demographic information one year before the collection deadline as long as they do so in compliance with the 1071 rule. This head start can help institutions ensure timely compliance and address any challenges in advance.

Financial institutions close to the 1,000 originations threshold

A financial institution that did not originate at least 1,000 covered credit transactions for small businesses in each of calendar years 2026 and 2027 but subsequently originates at least 1,000 of them in back-to-back calendar years will have to begin tracking 1071 application data in the following year. As a result, smaller-volume institutions close to the compliance threshold will want to monitor volume so they can plan and prepare for compliance requirements.  

Key data points under 1071 small business lending data regulations

Covered banks, credit unions, and other creditors will need to collect and maintain more than a dozen pieces of data for each application by a covered small business, and they will have to report the annual data to the CFPB the following June. The small business lending data points cover a wide range of details related to the credit transaction, the business’s attributes, and demographic data. The 2026 final rule removed application method, application recipient, denial reasons, pricing information, and number of workers from the prior rule's requirements.

Required 1071 data collection points are:

  1. Unique identifier: an alphanumeric identifier beginning with the institution's Legal Entity Identifier (LEI)
  2. Application date (the date the application was received or shown on the application form)
  3. Purpose of the credit (e.g., purchase, working capital, construction, etc.)
  4. Amount applied for (the initial amount or credit limit requested)
  5. Credit type
  6. Guarantee type
  7. Action taken on the application (originated, approved but not accepted, denied, withdrawn, or incomplete)
  8. Date of action taken
  9. Amount approved or originated
  10. Census tract
  11. Gross annual revenue (for the applicant's preceding fiscal year)
  12. NAICS code (a 3-digit North American Industry Classification System code)
  13. Time in business
  14. Business ownership information:
    a) Whether the applicant is a minority-owned and/or women-owned business. LGBTQI+-owned business status has been removed entirely.
    b) The number of principal owners, and for each principal owner the person’s:

    i) Ethnicity (choosing only one answer from the aggregate categories of “Hispanic or Latino” or “Not Hispanic or Latino)

    ii) Race (choosing one or more from among five aggregate categories: American Indian or Alaska Native, Asian, Black or African American, Native Hawaiian or Other Pacific Islander, or White)

    iii) Sex (male or female). This option replaces a freeform “sex/gender” field in the previous final rule.

Appendix E in the CFPB’s final rule shows a sample form for collecting applicant-provided demographic information about principal owners. The sample form reminds applicants they are not required to provide the information, and the lender cannot discriminate based on a person’s race, ethnicity, or sex, or even on whether the person provided the information. The final rule notes that financial institutions can use different language “that better suits their customer relationships, provided the notice informs the applicant of the statutorily required information.”

Tips for streamlining small business lending data collection

Given the scope of effort needed to collect and report data by the CFPB deadlines, some financial institutions are already taking action. In fact, if you are a covered lender and must comply beginning Jan. 1, 2028, we recommend beginning your work immediately and giving yourself at least nine months of testing.  For those who may feel overwhelmed by the tasks ahead, the following steps can help organize and streamline the data collection process:

  1. Understand the rule and related requirements. Make sure others involved in lending are familiar with the Dodd-Frank section 1071 regulations and the specific requirements for CFPB small business data collection.
  2. Review existing data collection practices. Identify what data is already being collected and where gaps exist. Some data may be available within the financial institution’s systems, while other data points will need to be obtained from applicants.
  3. Assess current systems currently used for data collection and reporting. Determine whether these can be leveraged for 1071 data collection and whether new or updated systems are needed.
  4. Assess the current lending process (i.e., how information is gathered). This assessment likely will require reviewing the institution’s credit culture if certain required data points are missing from the current application process.

Technological solutions for efficient 1071 data collection

Automation plays a critical role in streamlining CFPB small business data collection. Software solutions designed for data collection and analysis can help lenders focus on the borrowers and winning deals while ensuring compliance with the 1071 small business application data regulations. These tools can also make it easier to review and submit the information to the CFPB efficiently. Abrigo’s product team worked with the CFPB throughout the rulemaking process and has built 1071 compliance into its small business loan origination software.

While ease of data access is important, in general, if the institution doesn’t employ the firewall exception, CFPB prohibits underwriters or any employee responsible for the disposition or “making a determination” on an application from accessing certain demographic data. Abrigo’s software integrates 1071 compliance features such as built-in firewalls and user permission controls to help maintain fair lending and compliant reporting.

Preparing for regulatory changes 

While organizing the data collection process is crucial, it’s also important for financial institutions to take broader steps to prepare for these regulatory changes. These include educating staff and revising policies and procedures to align with the 1071 small business lending data regulations. In addition, given legislative and legal efforts to continue making changes to the final rule, lenders should monitor related developments and activities.

1071 Data risk management and compliance strategies

Compliance with the 1071 small business lending data regulations will require coordination across multiple departments. To mitigate risks associated with non-compliance, financial institutions should:

  • Create a formal project plan and timeline for compliance efforts.
  • Plan for the training of all relevant staff involved in data collectors, reporting, and underwriting.
  • Establish consistent lending processes to promote data accuracy and compliance.
  • Consider the formality of the current borrower application process and identify any culture changes needed.
  • Automate processes to reduce manual errors and speed processes as well as provide tracking and timing evidence of when the demographic data was obtained.
  • Develop internal controls, including those that validate and test the data collected.
  • Track and report exceptions, particularly those related to pricing, fees, and loan structures.

Some financial institutions will need to formalize their small business loan application process. Others may decide to balance small business relationship lending with a risk-based pricing model to mitigate unintended disparate treatment among lenders and branches.

For institutions facing challenges, 1071 questions, or staff resource constraints, engaging experienced consultants can help. CFPB 1071 consultants can establish reporting and monitoring processes and recommend any needed policy changes.

The CFPB’s 1071 small business lending data regulations represent a momentous change in how financial institutions must collect and report data. By understanding the requirements, preparing in advance, and leveraging technology, banks and credit unions can navigate the changes with compliance. Start planning now to make sure your institution is ready for a smooth data collection process under the 1071 rule.

Automate 1071 data collection so you can spend more time talking with borrowers and less time keying data.

Get a demo

FAQs

What is 1071 data collection?

1071 data collection is the process that covered lenders must follow to collect and report specific small business credit application data to the CFPB. The rule requires information about the application, credit decision, business, location, revenue, ownership, and certain demographic details to support fair lending oversight.

Who must gather data for the CFPB’s 1071 rule?

Financial institutions must gather data for the CFPB’s 1071 rule if they originated at least 1,000 covered small business credit transactions in each of the two preceding calendar years (either 2026 and 2027 or 2025 and 2026 for initial coverage determination). Covered institutions can include banks, credit unions, online lenders, commercial finance companies, nonprofit lenders, government lenders, and certain equipment or vehicle financing lenders.

What information is required when collecting small business loan data?

Section 1071 requires lenders to capture application, credit decision, business, location, revenue, ownership, and demographic information. Required fields include application date, credit type, amount requested, action taken, Census tract, gross annual revenue, NAICS code, time in business, and certain principal owner demographic details.

When do lenders need to collect data for complying with Dodd-Frank Section 1071?

Lenders covered by the rule must begin collecting data for complying with Dodd-Frank Section 1071 by Jan. 1, 2028. The final rule is effective June 30, 2026, and the first CFPB reporting deadline for collected data is June 1, 2029.

How can banks and credit unions prepare for small business lending data reporting?

Banks and credit unions can prepare for small business lending data reporting by assessing coverage status, reviewing current workflows, identifying data gaps, updating systems, and training staff. Strong internal controls, testing, firewall protections, and automated data collection and validation can help reduce errors and support compliant 1071 reporting.

Whitepaper

CFPB 1071: Compliance dates, deadlines & major changes

Read More
Webinar

Thinking like a local economist: Sharpening lending decisions with market insight

Read More
Webinar

Small business lending in practice: Strategy, execution, and lessons learned from the field

Read More
About the Authors

Bailey Barretto, PMP

Director, Advisory Services
Abrigo
Bailey Barretto, PMP, is a Director in Abrigo’s Advisory Services, where she leads efforts to increase software adoption of clients while boosting ROI and benefit realization to achieve high results. She holds her PMP certification from the Project Management Institute as well as her Change Practitioner Certification from Prosci. Bailey

Full Bio

Mary Ellen Biery

Senior Strategist & Content Manager
Mary Ellen Biery is Senior Strategist & Content Manager at Abrigo, where she works with advisors and other experts to develop whitepapers, original research, and other resources that help financial institutions drive growth and manage risk. A former equities reporter for Dow Jones Newswires whose work has been published in

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.