Prepare to meet Section 1071 data collection requirements

Michael Holley, Kate Gutierrez-Wilson, Jonathan Marciniak
Prepare to meet Section 1071 data collection requirements

CFPB rules implementing Section 1071 of Dodd-Frank can shift how lenders view small business data collection. Ready your organization for compliance.

Federal rules can take time to implement, but financial services organizations should proactively evaluate how to meet Section 1071, an important requirement for small business lending data collection.

On March 30, 2023, the Consumer Financial Protection Bureau (CFPB) issued a final rule for the implementation of Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Organizations must position themselves to meet the requirements of the CFPB’s final rule according to its timetables.

Discuss fair lending essentials with our specialists
When compliance is critical, our consultants help clients meet requirements efficiently and effectively.

What is the objective of Section 1071?

Consistent with Section 1071, covered financial services organizations are required to collect and report data on applications for credit for small businesses, including those that are owned by women or minorities. According to the CFPB, the objectives for collecting such data are to "facilitate enforcement of fair lending laws” and “enable communities, governmental entities, and creditors to identify business and community development needs and opportunities” of the target businesses.

The CFPB proposed a rule in September 2021 to amend Regulation B and implement changes to the Equal Credit Opportunity Act (ECOA) as required by Section 1071. The March 30, 2023, final rule prescribes how affected financial services organizations should collect and report applicable data.

Why is small business data important?

Why is small business data important?

According to the CFPB, the purpose of the data collection regulation is to “promote the availability of credit to all creditworthy applicants” without regard to certain demographic signifiers. Data gathered through Section 1071 compliance could also provide a clearer understanding of how an organization’s decisions affect small businesses and the communities in which they operate.

Previously, regulatory focus on small business lending centered on assessing redlining, discrimination, and fair lending weaknesses throughout an organization’s processes. Because of prohibitions in information gathering, analysis of these factors was largely dependent upon the Bayesian Improved Surname and Geocoding (BISG) proxy method to identify the race and ethnicity of borrowers. However, this proxy method could only provide approximations of performance outcomes. Measuring and monitoring lending activities in majority-minority census tracts within an organization’s expected market area is an inexact science without concrete data.

With the data required to be collected under Section 1071, financial services organizations can more directly assess fair lending risks within their small business lending portfolios by:

  • Determining whether applicants in the prohibited basis group are disproportionately denied credit
  • Analyzing pricing and credit policy exceptions for potential disparities between the prohibited basis groups and their corresponding control groups
  • Geocoding approved and denied loans for market penetration and redlining analysis, allowing financial services organizations to understand where they are and are not lending

The final rule also addresses potential impact to the Community Reinvestment Act (CRA). As stated in the final rule, “The CFPB believes that when the final rule amending the CRA requirements is issued, duplication between the CRA and this rule will be eliminated, as requested by numerous commenters, including industry and community groups.”

What changed from proposed rule to final rule?

The final rule includes some key changes from the September 2021 proposed rule, based on CFPB review and evaluation of comments received from the industry. Below are several of the key revisions from the proposed rule to the final rule:

  • The proposed rule would have required financial services organizations to comply when originating 25 or more small business loans in each of the prior two fiscal years. The final rule changed this threshold to 100 loans originated in each of the preceding two fiscal years.
  • The proposed rule did not include an exclusion of Home Mortgage Disclosure Act (HMDA)-reportable loans from the small business Loan Application Register (LAR), whereas the final rule provides that exemption.
  • The CFPB elected to not adopt the proposed requirement that a financial services organization collect at least one principal owner’s ethnicity and race information through visual observation or surname analysis under certain circumstances.
  • The final rule added an additional data point related to LGBTQI+-owned business status.
View our webinar on Section 1071 preparation
Listen to our consultants discuss essentials and answer questions.

How should organizations prepare?

How should organizations prepare?

Financial services organizations are responsible for building and verifying their internal capabilities to collect, report, and monitor information to the standards of the CFPB’s final rule. In preparing for implementation, financial services organizations should consider answering the following questions:

How will rule implementation timing factor into operations?

As the CFPB explains in the final rule and its “Small Business Lending Rule Info Sheet,” the CFPB has rolled out a tiered approach to compliance. This approach responds to concerns that some small and midsized lenders would be unable to comply with the rule within 18 months of implementation.

Small business loans originated in 2022 and 2023
Begin collecting data
Initial filing date
2,500 or more loans Oct. 1, 2024 June 1, 2025
500-2,499 loans April 1, 2025 June 1, 2026
100- 499 loans Jan. 1, 2026 June 1, 2027

Organizations should prepare to meet requirements by:

  • Informing their boards of directors, senior management, risk teams, IT teams, and affected line-of-business (LOB) partners about the pending regulatory requirements and the timeframe for implementation
  • Setting up meetings among compliance, risk, IT, and LOB partners to establish and review project plans

A project plan should map all systems used by each LOB for loan origination, servicing, collection, and document retention.

What personnel might be affected?

What personnel might be affected?

The collection, reporting, and monitoring of this data may add strain to staff and available resources. Organizations should consider the effects and potential mitigations for various positions.

Commercial and small business lenders and underwriters

Commercial and small business lenders whose roles have not required a strong working knowledge of HMDA requirements may be unprepared for the rigorous processes required for accurate collection of data under Section 1071.

For some organizations, commercial and small business loan applications are less formal than consumer mortgage applications and can encompass a variety of documents such as financial statements, credit memos, or offer sheets to gather and evaluate information. Organizations might need to rethink how small business application data is collected and whether a different approach might be required for efficient and accurate collection of the required datapoints.

Lenders and underwriters must establish a process and control framework that appropriately mitigates the risk of noncompliance. Personnel should learn requirements, establish and document new controls, and test the controls to evaluate effectiveness.

Support personnel

Loan processors, loan closers, and pre- and post-closing personnel need to understand the new rule and what information must be collected. Such personnel might be unfamiliar with the locations of reportable data points in source documentation. Additionally, they might need to adapt to short- or long-term manual processes for data entry and reporting depending on the capabilities of their organization’s loan origination system.

Compliance personnel

Although the new rule will require compliance department expertise to provide advice and guidance, data collection and reporting should be established as a business unit function.

Risk and compliance management should consider holding meaningful discussions with senior and executive management. Topics could focus on the significance of a compliance strategy, the need for cultural buy-in, and the importance of understanding regulatory requirements, system constraints, and limitations.

Additionally, applicable elements of the Section 1071 rule should be integrated into the organization’s enterprisewide risk assessment. Assessment results should drive the frequency of both the second and third lines of defense monitoring and testing.

Organizations can help alleviate challenges by:

  • Evaluating current processes to determine where additional application and underwriting stage steps might be required
  • Assigning roles and responsibilities and establishing consistent processes under policies and procedures
  • Creating a source document reference guide demonstrating where required data points are located
  • Evaluating staffing capacity and needs
  • Training personnel on expected requirements

Which technologies require review?

Which technologies require review?

Many commercial and small business loan origination systems are not currently designed to capture the data points required by Section 1071. An organization’s evaluation of its technology should consider its capabilities to:

  • Capture commercial and small business loan origination system data points
  • Centralize data collection functions for information collection at the time of application, and data that is generated throughout the credit approval stage
  • Factor Section 1071 data sets into LAR submission software
  • Monitor for pending CRA modernization developments, to determine impact on existing software

Organizations should seek a discussion with their third-party loan origination system, core system, and loan document partners about their preparations for compliance with the final rule.

We can help make implementation easier.

A considerate and comprehensive implementation strategy can help your organization reach compliance with fewer potential hurdles. Our fair lending and compliance specialists can provide broad planning and execution support at each step of the process.

Crowe specialists can help you navigate Section 1071 requirements

Reach out today to discuss your organization’s compliance planning.
Michael Holly
Michael Holley
Managing Director, Financial Services Consulting
Katie Gutierrez
Kate Gutierrez-Wilson
Financial Services Consulting
Jonathan Marciniak
Jonathan Marciniak
Financial Services Consulting