How to Navigate CFPB 1071: Small Business Lender Regulation Guide

The Consumer Financial Protection Bureau (CFPB) introduced a new banking regulation rule that is shaking up the small business lending landscape. Known as CFPB 1071, this regulation aims to promote fairness and transparency in the lending process for small businesses. It requires financial institutions to collect and report detailed data on small business loan applications, approvals, and denials. This move has significant implications for lenders and borrowers, potentially reshaping how small businesses access credit.

Section 1071 of the Dodd-Frank Act forms the basis for this new rule, substantially changing data collection and small business reporting requirements. Lenders must understand the exclusions, compliance dates, and specific requirements to navigate this complex regulation successfully. This article will break down the critical aspects of CFPB 1071, including its overview, data collection requirements, reporting obligations, and strategies to ensure compliance. By the end, readers will have a clearer picture of how to adapt their lending practices to meet these new standards.

Overview of CFPB 1071 Small Business Lending Rule

Purpose and Scope

The CFPB 1071 rule implements Section 1071 of the Dodd-Frank Act, amending the Equal Credit Opportunity Act to enhance transparency in small business lending. Its primary objectives are facilitating fair lending law enforcement and identifying business and community development needs for women-owned, minority-owned, and small businesses. The rule requires covered financial institutions to collect and report data on small business credit applications, including demographic information about principal owners, lending decisions, and credit pricing.

Key Definitions

Under CFPB 1071, a "small business" is defined as an entity with $5 Million USD or less in gross annual revenue for its preceding fiscal year. The rule applies to "covered financial institutions," which include various entities engaged in financial activities that originated at least 100 covered credit transactions in each of the two preceding calendar years. Covered credit transactions encompass loans, lines of credit, credit cards, and other credit products used primarily for business or commercial purposes.

CFPB Rule Implementation Timeline

The implementation timeline for CFPB 1071 is tiered based on the number of covered originations. Following a Supreme Court ruling, the CFPB extended compliance dates. The earliest required reporters, with at least 2,500 covered originations in 2022 and 2023, must begin small business data collection in July 2025 and report by June 1, 2026. Subsequent tiers have later compliance dates, with the final tier beginning data collection in October 2026.

Data Collection Requirements

The CFPB 1071 rule mandates covered financial institutions to gather and report specific data points for small business credit applications. This comprehensive data collection process aims to enhance transparency and facilitate fair lending practices.

Demographic Information

Covered financial institutions must collect protected demographic information about the principal owners of small businesses. This includes data on minority-owned business status, women-owned businesses, minority-owned businesses, and LGBTQI+-owned business status. Additionally, the ethnicity, race, and sex of the principal owners are required. Small businesses have the option to self-identify in these categories. It's important to note that loan officers should not determine an applicant's demographic information.

Credit Application Details

The rule requires the collection of various credit application details. This includes information about the credit being applied for, such as credit type, purpose, and amount requested. Additionally, data on the applicant's business must be gathered, including census tract, gross annual revenue, NAICS code, number of workers, time in business, and number of principal owners. Lenders are permitted to rely on the financial and other information the small business provides.

Firewall Provisions

The CFPB 1071 rule includes firewall provisions to protect sensitive information. These provisions prohibit employees or officers from determining applications by accessing the demographic information of principal owners. This restriction applies to information such as minority-owned, women-owned, or LGBTQI+-owned business status, as well as the ethnicity, race, and sex of principal owners. However, the firewall provision does not apply if the financial institution determines that access is necessary and provides disclosure to the applicant at the time of inquiry.

Reporting and Disclosure Obligations

Annual Reporting to CFPB

The CFPB 1071 rule data reporting requirements mandate that financial institutions report collected data annually. Calendar-year data collection is mandatory, and reporting to the CFPB is due by June 1 of the following year. This reporting process aims to enhance transparency in small business lending practices and facilitate the enforcement of fair lending laws. The data reported includes information generated by the financial institution, such as unique identifiers, application dates, action taken, and pricing information.

Public Disclosure of Data

The CFPB plans to make the reported data publicly available through its website. This disclosure is subject to certain modifications or deletions determined by the CFPB to balance privacy risks to applicants and borrowers with the benefits of disclosure. The public availability of this data satisfies covered financial institutions' statutory obligation to make the information accessible upon request. The CFPB intends to publish application-level data for all fields, subject to a complete privacy analysis, and select aggregate analyses before releasing application-level data.

Record Retention Requirements

Covered financial institutions must retain evidence of compliance with the CFPB 1071 rule. This includes keeping copies of small business lending application registers and other compliance-related documentation for at least three years after the application register must be submitted to the CFPB. These records should be sufficient to demonstrate compliance with the rule's requirements, including data collection procedures and reporting obligations. Retaining these records is crucial for potential audits and ensuring ongoing compliance with the regulation.

Strategies for Ensuring Compliance

Financial institutions need to implement comprehensive strategies to navigate the complexities of CFPB 1071. These strategies should focus on developing compliance policies, implementing staff training programs, and establishing auditing and monitoring procedures.

Developing Compliance Policies

Financial institutions should create detailed policies that outline the impact of the CFPB 1071 final rule on their loan portfolio. These policies should include descriptions of processes for gathering, tracking, monitoring, and 1701 reporting pertinent information to comply with the rule. Establishing internal controls and defining roles and responsibilities for compliance management is crucial. Policies should also address the 'firewall' requirement, restricting access to specific demographic data.

Staff Training Programs

Educating staff on the technical aspects of the CFPB 1071 rule is compulsory for ensuring compliance. Training programs should cover the new 1701 data points collection, recording, and reporting requirements. Staff should be prepared for a more formal small business lending process than before. Institutions should also consider implementing monitoring programs for new staff to ensure their adherence to policies and procedures during their initial 90 days of employment.

Bank Compliance Online Courses

Consider Vubiz’s compliance training to help your employees understand CFPB 1071:  

• Small Business Lending Rule (1071) – Data Points
• Small Business Lending Rule (1071) – Firewall Requirements
• Small Business Lending Rule (1071) – In-Depth
• Small Business Lending Rule (1071) – Applicability

Request a demo to learn more about courses on the latest banking regulations.

Auditing and Monitoring Procedures

Regular compliance audits are essential to identify and address discrepancies or issues promptly. Institutions should adopt a quarterly compliance scorecard approach that identifies loan pricing exceptions and sets baseline performance indicators. Quality Assurance (QA) leaders should validate the accuracy and completeness of the required data and sign off on the institution's readiness. Periodic reviews of QA reporting with the business before the planned compliance report transmittal to the CFPB are recommended.

By implementing these strategies, financial institutions can enhance their readiness for CFPB 1071 compliance and mitigate potential risks associated with non-compliance.

Conclusion

The CFPB 1071 rule significantly impacts the small business lending landscape. It brings about significant changes in data collection and reporting practices, aiming to promote fairness and transparency. Lenders need to adapt their processes to meet these new standards, which include gathering detailed information about loan applications, borrower demographics, and lending decisions. This new approach to small business lending has the potential to reshape how small businesses access credit and how lenders operate in this space.

To successfully navigate this complex regulation, financial institutions should focus on developing strong compliance policies, rolling out comprehensive staff training programs, and setting up robust auditing procedures. By taking these steps, lenders can not only meet the requirements of CFPB 1071 but also contribute to a more transparent and fair lending environment. As the implementation dates approach, lenders must stay informed and prepare thoroughly to ensure they're ready for this significant shift in small business lending practices.