1071: Purpose & Implications
The Dodd-Frank Wall Street Reform and Consumer Protection Act, passed by Congress in 2010, established the Consumer Financial Protection Bureau (CFPB). Section 1071 governs small business lending data collection.
The Equal Credit Opportunity Act (EOCA) was amended under Section 1071, requiring financial institutions to collect data on credit applications from minority- and women-owned businesses. On September 1st, 2021, CFPB issued its Notice of Proposed Rule Making (NPRM) to implement Section 1071. Similar to how the Home Mortgage Disclosure Act (HMDA) requires financial institutions to provide mortgage data, Section 1071 will require covered FIs to provide data for minority- and women-owned businesses. The purpose of the rule is to support and create equal opportunities for minority- and women-owned small businesses while enforcing fair lending laws. Financial institutions of all sizes and types, including fintechs and small business lenders, will be impacted by Section 1071. The following sections will explain how the Bureau’s key elements of the proposed rule will affect the covered financial institutions and credit transactions.
Section 1071 – what SMB lenders need to know
Per CFPB’s current proposed rule, any financial institution that originated 25 or more covered transactions for small businesses in the past two calendar years will be required to collect loan application data. The CPFB issued this long-awaited, final rule implementing Section 1071 of the Dodd-Frank Act on March 30th, 2023.
Section 1071 will make it easier for agencies to enforce fair lending laws for small businesses while enabling seamless access to information for the public about community development needs. CPFB states, “the proposal also addresses its approach to privacy interests and the publication of Section 1071 data; shielding certain demographic data from underwriters and other persons; recordkeeping requirements; enforcement provisions; and the proposed rule’s effective and compliance dates.”
Section 1071 aims to increase transparency to identify opportunities and shortcomings for small businesses and create equal credit opportunities. For small business lenders, this means that the CFPB will further enforce more stringent examination and supervisory reviews. Once this rule is final, small business lenders will have eighteen months to comply. Thus, it is critical for financial institutions to proactively prepare for data collection practices to become Section 1071 compliant. With the substantial shift that lenders will experience throughout their loan lifecycles, nothing less than a complete transformation effort is required to prepare for Section 1071.
NPRM – Terms and Definitions
The NPRM has provided new definitions, a sample data collection form, and instructions for lenders on collecting and reporting data points. This collected data will be made public annually on CFPB’s website.
1. Covered Financial Institutions: The Bureau proposes that a covered financial institution would be one that originated at least 25 covered credit transactions for small businesses in each of the two preceding calendar years. Covered financial institutions include:
2. Covered Credit Transactions: The Bureau proposes defining a “covered credit transaction” as one that meets the definition of business credit under existing Regulation B, with certain exceptions. Loans, lines of credit, credit cards, and merchant cash advances, including such credit transactions for agricultural purposes and those covered by the Home Mortgage Disclosure Act of 1975 (HMDA), would all be covered credit transactions within the scope of this proposed rule.
3. Covered Applications: The Bureau is proposing to define a “covered application”—which would trigger data collection and reporting requirements — as an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested.
4. Small Businesses: The Bureau is proposing to define a “small business,” about whose applications for credit data must be collected and reported, by reference to the definitions of “business concern” and “small business concern” as set out in the Small Business Act and Small Business Administration (SBA) regulations. However, instead of using the SBA’s size standards for defining a small business concern, the Bureau’s proposed definition would examine whether the business had $5 million or less in gross annual revenue for its preceding fiscal year.
Data Collection Requirements for Financial Institutions
Section 1071 requires financial institutions to collect and report on thirteen data points. Furthermore, it provides CFPB the authority to require any additional data, if necessary, to fulfill the statutory purposes of the rule. The thirteen mandatory data points include:
Discretionary Data Points
In addition to the above-mentioned mandatory data points, Section 1071 requires FIs to collect and report “any additional data that the Bureau determines would aid in fulfilling the purposes of [section 1071].” The Bureau refers to these as “discretionary data points.”
- Time in business
- NAICS code and number of employees
- Application method
- Application recipient
- Reasons for credit denial
Some FIs have expressed concern that such discretionary data, if made public, might give their competitors detailed insights into their lending practices or create privacy concerns for the applicants. Furthermore, questions have also been raised about the methodology of collecting this data. For instance, in incomplete or false information cases, the institution staff may base the collection on unreliable observations.
CredAcc can help you comply with Section 1071
Ensuring full compliance with Section 1071 will be daunting for FIs, given the resources and time it will take. The most pressing need is a comprehensive action plan for implementing all the proposed rules. Most FIs are looking at enhancing their existing loan applications, revising processes and training, and testing and validating new data collection points. FIs must intimate their LOS providers to take full responsibility for incorporating a proper system to collect, store, and report customer data.
CFPB had proposed that the final rule for implementing Section 1071 will become effective on June 28th, 2023, 90 days after its March 30th publication in the Federal Register. However, compliance deadlines vary for different FIs, allowing covered FIs to take tactical steps to prepare for the impending changes.
At CredAcc, we have closely monitored the CFPB’s data collection and reporting requirements for small businesses. We continue to add functionality to our commercial and small business LOS to ensure complete 1071 compliance. We will also continue updating our resources to assist banks and covered FIs with the expectations, requirements, and preparations. Our breakthrough capabilities and innovative approach to credit solutions have recently received recognition in Aite Novarica’s evaluation report on Commercial Loan Origination System vendors. The report covers all impacts on lending, with a particular focus on Section 1071 compliance.
Our team of consultants and banking experts is available to guide you through gap analyses in existing systems and work with establishing robust governance structures to comply with fair lending requirements. We are here to help your institution throughout the entire process of Section 1071 implementation and compliance.