Prepare to meet Section 1071 data collection requirements

Michael Holley, Kate Gutierrez-Wilson, Jonathan Marciniak

CFPB rules implementing Section 1071 of Dodd-Frank can shift how lenders view small business data collection. Ready your organization for compliance.

Federal rules can take time to implement, but financial services organizations should proactively evaluate how to meet Section 1071, an important requirement for small business lending data collection.

On March 30, 2023, the Consumer Financial Protection Bureau (CFPB) issued a final rule for the implementation of Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Organizations must position themselves to meet the requirements of the CFPB’s final rule according to its timetables.

Discuss fair lending essentials with our specialists

When compliance is critical, our consultants help clients meet requirements efficiently and effectively.

Explore our services

What is the objective of Section 1071?

Consistent with Section 1071, covered financial services organizations are required to collect and report data on applications for credit for small businesses, including those that are owned by women or minorities. According to the CFPB, the objectives for collecting such data are to "facilitate enforcement of fair lending laws” and “enable communities, governmental entities, and creditors to identify business and community development needs and opportunities” of the target businesses.

The CFPB proposed a rule in September 2021 to amend Regulation B and implement changes to the Equal Credit Opportunity Act (ECOA) as required by Section 1071. The March 30, 2023, final rule prescribes how affected financial services organizations should collect and report applicable data.

Why is small business data important?

The CFPB's focus is to ensure equal access to credit.

According to the CFPB, the purpose of the data collection regulation is to “promote the availability of credit to all creditworthy applicants” without regard to certain demographic signifiers. Data gathered through Section 1071 compliance could also provide a clearer understanding of how an organization’s decisions affect small businesses and the communities in which they operate.

Previously, regulatory focus on small business lending centered on assessing redlining, discrimination, and fair lending weaknesses throughout an organization’s processes. Because of prohibitions in information gathering, analysis of these factors was largely dependent upon the Bayesian Improved Surname and Geocoding (BISG) proxy method to identify the race and ethnicity of borrowers. However, this proxy method could only provide approximations of performance outcomes. Measuring and monitoring lending activities in majority-minority census tracts within an organization’s expected market area is an inexact science without concrete data.

With the data required to be collected under Section 1071, financial services organizations can more directly assess fair lending risks within their small business lending portfolios by:

Determining whether applicants in the prohibited basis group are disproportionately denied credit
Analyzing pricing and credit policy exceptions for potential disparities between the prohibited basis groups and their corresponding control groups
Geocoding approved and denied loans for market penetration and redlining analysis, allowing financial services organizations to understand where they are and are not lending

The final rule also addresses potential impact to the Community Reinvestment Act (CRA). As stated in the final rule, “The CFPB believes that when the final rule amending the CRA requirements is issued, duplication between the CRA and this rule will be eliminated, as requested by numerous commenters, including industry and community groups.”

What changed from proposed rule to final rule?

The final rule includes some key changes from the September 2021 proposed rule, based on CFPB review and evaluation of comments received from the industry. Below are several of the key revisions from the proposed rule to the final rule:

The proposed rule would have required financial services organizations to comply when originating 25 or more small business loans in each of the prior two fiscal years. The final rule changed this threshold to 100 loans originated in each of the preceding two fiscal years.
The proposed rule did not include an exclusion of Home Mortgage Disclosure Act (HMDA)-reportable loans from the small business Loan Application Register (LAR), whereas the final rule provides that exemption.
The CFPB elected to not adopt the proposed requirement that a financial services organization collect at least one principal owner’s ethnicity and race information through visual observation or surname analysis under certain circumstances.
The final rule added an additional data point related to LGBTQI+-owned business status.

View our webinar on Section 1071 preparation

Listen to our consultants discuss essentials and answer questions.

Watch the recording

How should organizations prepare?

Financial services organizations are responsible for building and verifying their internal capabilities to collect, report, and monitor information to the standards of the CFPB’s final rule. In preparing for implementation, financial services organizations should consider answering the following questions:

How will rule implementation timing factor into operations?

As the CFPB explains in the final rule and its “Small Business Lending Rule Info Sheet,” the CFPB has rolled out a tiered approach to compliance. This approach responds to concerns that some small and midsized lenders would be unable to comply with the rule within 18 months of implementation.

Small business loans originated in 2022 and 2023	Begin collecting data	Initial filing date
2,500 or more loans	Oct. 1, 2024	June 1, 2025
500-2,499 loans	April 1, 2025	June 1, 2026
100- 499 loans	Jan. 1, 2026	June 1, 2027

Organizations should prepare to meet requirements by:

Informing their boards of directors, senior management, risk teams, IT teams, and affected line-of-business (LOB) partners about the pending regulatory requirements and the timeframe for implementation
Setting up meetings among compliance, risk, IT, and LOB partners to establish and review project plans

A project plan should map all systems used by each LOB for loan origination, servicing, collection, and document retention.

What personnel might be affected?

Staff affected by Section 1071 requirements include commercial and small business lenders and underwriters, support personnel, and compliance personnel.

The collection, reporting, and monitoring of this data may add strain to staff and available resources. Organizations should consider the effects and potential mitigations for various positions.

Commercial and small business lenders and underwriters

Commercial and small business lenders whose roles have not required a strong working knowledge of HMDA requirements may be unprepared for the rigorous processes required for accurate collection of data under Section 1071.

For some organizations, commercial and small business loan applications are less formal than consumer mortgage applications and can encompass a variety of documents such as financial statements, credit memos, or offer sheets to gather and evaluate information. Organizations might need to rethink how small business application data is collected and whether a different approach might be required for efficient and accurate collection of the required datapoints.

Lenders and underwriters must establish a process and control framework that appropriately mitigates the risk of noncompliance. Personnel should learn requirements, establish and document new controls, and test the controls to evaluate effectiveness.

Support personnel

Loan processors, loan closers, and pre- and post-closing personnel need to understand the new rule and what information must be collected. Such personnel might be unfamiliar with the locations of reportable data points in source documentation. Additionally, they might need to adapt to short- or long-term manual processes for data entry and reporting depending on the capabilities of their organization’s loan origination system.

Compliance personnel

Although the new rule will require compliance department expertise to provide advice and guidance, data collection and reporting should be established as a business unit function.

Risk and compliance management should consider holding meaningful discussions with senior and executive management. Topics could focus on the significance of a compliance strategy, the need for cultural buy-in, and the importance of understanding regulatory requirements, system constraints, and limitations.

Additionally, applicable elements of the Section 1071 rule should be integrated into the organization’s enterprisewide risk assessment. Assessment results should drive the frequency of both the second and third lines of defense monitoring and testing.

Organizations can help alleviate challenges by:

Evaluating current processes to determine where additional application and underwriting stage steps might be required
Assigning roles and responsibilities and establishing consistent processes under policies and procedures
Creating a source document reference guide demonstrating where required data points are located
Evaluating staffing capacity and needs
Training personnel on expected requirements

Which technologies require review?

Many commercial and small business loan origination systems are not currently designed to capture the data points required by Section 1071. An organization’s evaluation of its technology should consider its capabilities to:

Capture commercial and small business loan origination system data points
Centralize data collection functions for information collection at the time of application, and data that is generated throughout the credit approval stage
Factor Section 1071 data sets into LAR submission software
Monitor for pending CRA modernization developments, to determine impact on existing software

Organizations should seek a discussion with their third-party loan origination system, core system, and loan document partners about their preparations for compliance with the final rule.

We can help make implementation easier.

A considerate and comprehensive implementation strategy can help your organization reach compliance with fewer potential hurdles. Our fair lending and compliance specialists can provide broad planning and execution support at each step of the process.