1071: Checklist for Compliance
On March 31 of 2023, the Consumer Financial Protection Bureau (CFPB) officially passed the 1071 Rule, which was initially issued in September 2021. This rule mandates that covered financial institutions (FIs) collect, compile, and report specific data points related to credit applications from women- and minority-owned small businesses.
The primary objectives behind this data collection are:
- to ensure fair lending practices by monitoring small business credits and
- to identify and address the unique needs of women- and minority-owned businesses.
With the issuance of the final rule and its compliance requirements set to take effect after 18 months, covered financial institutions must begin preparing for the upcoming data collection and reporting changes. While the compliance timeline may appear generous, it is essential to note that the data collection requirements under Section 1071 are expected to exceed the efforts made for the 1975 Home Mortgage Disclosure Act (HMDA). This shift aims to gain comprehensive insights into the development, opportunities and challenges women and minority-owned businesses face. Financial institutions must fully grasp the key considerations for responsible and fair banking to adequately prepare for the impacts and implementation throughout the lending lifecycle.
Key considerations & challenges for Financial Institutions
FIs must start preparing for Section 1071 to gauge the business and operational impacts to succeed in the commercial lending market. Below are some potential challenges they might face:
1. Short implementation period and meeting deadlines: CFPB has proposed that the final rule for implementing Section 1071 will become effective 90 days after it is published in the Federal Register. FIs will just have 18 months to understand and comply. They will have to update their systems and train their employees for additional data collection.
2. Comprehensive data collection, monitoring, and analysis: FIs will have to collect 28 additional data points, meaning longer application time and reviews. Moreover, they are also required to submit the data annually by June 1. FIs could reuse the previous data if it was procured in the same year as the time of application; however they will need to modify their operations quickly to capture this data.
3. Ensuring data integrity – protecting the collected data: The rule requires FIs to retain the data for three years. There are specific requirements for what data must be made public and which FI employees can access, which will require detailed access control capabilities.
Preparing for Section 1071 – Checklist for Financial Institutions
While it may seem like there is time for Section 1071 to come into full effect, FIs must start preparing a detailed action plan for compliance. The first step includes identifying the impact on data collection practices, technology, processes, and guidelines for the stakeholders involved.
1. Enabling tech for data collection capabilities
FIs preparing for Section 1071 must enhance their operations to accurately capture new data elements and improve existing data models for back-end validation. These operational enhancements require advanced technological solutions to effectively collect and manage the required data fields. Implementing robust tools and software enables FIs to automate data collection processes, reducing manual errors and increasing efficiency. These solutions streamline data collection and allow institutions to generate reports and respond to regulatory inquiries quickly. Additionally, the data elements must seamlessly integrate across multiple systems and establish new controls. By embracing these tech changes, FIs ensure compliance while optimizing data collection processes for improved operational effectiveness.
2. Risk management programs
FIs must identify the scope of impact for their covered credit transactions and review banking processes for any necessary revisions. The revised protocols should align with the proposed firewall provisions and retention requirements. Effective risk management programs are essential for identifying, assessing, and mitigating potential risks associated with Section 1071 compliance. FIs should establish comprehensive frameworks and protocols for risk assessment to ensure that potential risks are identified in a timely manner. Also, they should regularly monitor and review their risk management programs to keep pace with evolving regulatory requirements and address emerging risks effectively. This approach to risk management will contribute to maintaining compliance and safeguarding the institution’s reputation.
3. Gap analysis and oversight coordination
To ensure Section 1071 compliance, FIs must undertake a thorough evaluation and gap analysis of their current processes and systems. This assessment should identify areas that require upgrades, including oversight of potentially discriminatory practices and data collection reporting standards. FIs should conduct testing to ensure adherence to the proposed changes and implement corrective actions effectively. Furthermore, FIs must assess their data collection processes, technology infrastructure, and reporting capabilities to identify deficiencies. Establishing oversight coordination mechanisms, assigning responsibilities, setting up reporting channels, and monitoring progress is vital to achieving compliance and ensuring consistency throughout the organization.
4. Written policies and procedures
Developing and implementing well-documented policies and procedures is key to achieving Section 1071 compliance. FIs should articulate clear policies and guidelines outlining specific data collection protocols, reporting requirements, and other compliance-related procedures. These policies should be accessible to all relevant stakeholders, including employees, and should reflect the institution’s commitment to meeting regulatory requirements. The policies and procedures should be periodically reviewed and updated to align with the evolving regulatory landscape.
When developing written policies and procedures, consider including the following elements:
- Data collection protocols: Specify the data fields and formats required for compliance with Section 1071
- Reporting guidelines: Outline the reporting frequency, format, and other requirements for submitting data to regulatory authorities
- Data privacy and security measures: Detail the procedures and safeguards in place to protect sensitive customer information
5. Assistance from third-party providers
Partnering with experienced third-party providers can offer significant benefits in meeting Section 1071 requirements. These providers possess in-depth knowledge and understanding of the intricacies of Section 1071, enabling FIs to navigate the complexities of the regulation more efficiently and ensuring accurate data collection and reporting. Fintech partners offer advanced data collection and management tools that streamline processes through automation, ensuring data accuracy and seamless integration with existing systems. Additionally, they provide scalable infrastructure and secure data storage capabilities to handle large volumes of consumer credit data mandated by Section 1071. Fintech partnerships also offer real-time reporting and analytics capabilities, empowering institutions to monitor compliance status, gain insights, and proactively address any issues. They can actively monitor regulatory changes and provide ongoing support, helping institutions stay up-to-date and adapt to evolving Section 1071 requirements. Thorough due diligence is essential when selecting third-party providers, and proper contractual and service-level agreements should be established to ensure clear roles, responsibilities, and expectations. This partnership between financial institutions and third-party providers can enable efficient Section 1071 compliance while ensuring data integrity and regulatory compliance.
Complying with Section 1071 – How CredAcc can help
Ensuring full compliance with Section 1071 will be daunting for FIs, given the resources and time it will take. A comprehensive action plan for implementing all the proposed rules is the need of the hour. Most FIs are looking at enhancing their existing loan applications, revising processes and training, and testing and validating new data collection points. FIs must intimate their LOS providers to take full responsibility for incorporating a proper system to collect, store, and report customer data.
Per a Cornerstone Advisors’ report, 1 in 5 banks is expected to incorporate a new or replacement Loan Origination system for commercial and consumer lending in 2023. While these upgrades are driven by next-gen capabilities, requirements like Section 1071 compliance are key drivers to fairer yet profitable lending practices. At CredAcc, our banking experts can guide you through gap analyses in existing systems and establish robust governance structures to comply with fair lending requirements. Our breakthrough capabilities and innovative approach to credit solutions have recently received recognition in Aite Novarica’s evaluation report on Commercial Loan Origination System vendors. The report covers all impacts on lending, with a particular focus on Section 1071 compliance.
We are here to help your institution throughout the entire process of Section 1071 implementation and compliance. CredAcc’s next-gen no-code LOS platform is highly configurable, easy to set up, and innovative, with flexible APIs that can facilitate efficient integration with your systems. Our end-to-end solution comes embedded with market-leading third-party integrations for best-in-class services at minimal cost and time to market. You can define and configure workflows, policies, and permissions and rapidly create, test, and launch new products directly to SMB customers.
The platform is built to sustain rapid innovations and is better positioned to help you prepare for the biggest changes in the SMB lending market. Contact us for any assistance related to Section 1071 implementation.