Rose Oswald PoelsBy Rose Oswald Poels

Since the enactment of the Dodd-Frank Act in 2010, WBA has assisted members in understanding and implementing countless layers of new federal regulations — some as straight forward as creating and delivering a new one-page notice, others much more complex, including TRID, mortgage servicing rules, and QM/ATR underwriting standards (and those are only the most recent of new laws).

An area of the Dodd-Frank Act that much of the industry has been anxiously awaiting is that of Section 1071. As a reminder, Section 1071 of the Dodd Frank Act amended the Equal Credit Opportunity Act (ECOA) to require that financial institutions collect and report to the Consumer Financial Protection Bureau (CFPB) certain data regarding applications for credit for women-owned businesses, minority-owned businesses, and small businesses.

Having been in this industry for over thirty years, I will say that the forthcoming business data collection and reporting regulation is of the magnitude — both in cost and in operational impact — of what bankers experienced with the implementation of other industry-changing regulations such as the Bank Secrecy Act, Reg CC, or the SAFE Act. I can recall pre-BSA procedures, and now we operate in an implemented BSA world; a time of in-branch check encoding and processing to today’s electronic presentment, centralized clearing, and near live-time processing; and of course, a time when TILA and RESPA were separate disclosures versus today’s mortgage loan application and closing procedures due to TRID rules.

The same will be true after full implementation of a final Section 1071 rule. This law, once finalized, will change how business credit applications are processed. Data will need to be collected and reported as never before. Some members experience similar types of data collection and reporting under the Home Mortgage Disclosure Act (HMDA), but even non-HMDA reporting banks may be required to comply with Section 1071 data collection and reporting.

Based upon recent agency regulatory agenda filings and court filings earlier this month, it is expected that CFPB will finalize its Section 1071 Small Business Lending Data Collection and Reporting Rule by March 2023. Rest assured, I understand the impact this rule will have on the membership. In my comment letter to CFPB regarding its Section 1071 proposal, I advocated for the collection of only those data points required under the Dodd-Frank Act, a higher exemption threshold, and for a longer implementation period to help lessen the impact of the new regulation.

Late last year, WBA prepared a toolkit to help senior management, commercial lenders, loan processors, compliance officers, and others involved with small business lending to better understand the impact of CFPB’s proposal on the bank. Those resources are still available, and I would recommend those in the areas mentioned become familiar with the general concepts of the proposal, understand what could become law, and begin considering the impact on the bank. Planning will be crucial with a regulation as impactful as what Section 1071 will be.

In addition to being vocal during the regulatory process on Section 1071, WBA has advocated for repeal of Section 1071 with our congressional delegation for the last 10 years. Although it is late in the session, I am pleased to share that Rep. Scott Fitzgerald (WI-05) introduced on July 20 the Making the CFPB Accountable to Small Business Act which would repeal Section 1071 of the Dodd-Frank Act. Rest assured, WBA will continue its strong advocacy at all levels to try and reduce this regulatory burden. In the meantime, WBA plans to create further resources once the final rule is released and will help answer questions related to the new regulation.

Current WBA Section 1071 resources may be found on the WBA Compliance Resources webpage.

Earlier this year the CFPB issued its long-awaited proposal for implementing Section 1071 of the Dodd-Frank Act, which requires collection of credit application data for small businesses, including women-owned and minority-owned small businesses. Comments on the proposal are due January 6, 2022. WBA will be creating a draft comment letter for use by members to reply to CFPB regarding concerns and impact of the proposal on banks. WBA encourages each bank to consider submitting its own letter reflecting bank-specific information. In preparation for these comments, WBA has prepared the following considerations regarding the rule.

What specific burdens will your institution face as a result the proposal? Some examples might include:

  • Costs, technology, training, staffing, customer-facing educational information needs.
  • Review of application process (based upon the rule’s definition of application).
  • Is the proposed “firewall” process workable for the bank?
  • What sort of implementation period will be necessary?

More specifically you might consider:

  • Will bank need to hire new staff (compliance, processor, etc.)?
  • Technology costs, such as a new platform, or 1071 data software.
  • Costs associated with updating existing systems, testing, applications, training, development of new policies and procedures, legal consultation, review of implementation, etc.
  • New annual costs related to collection such as customer service, data management, resolution of errors, exam prep, etc.

In preparation for filing comments, banks should plan to provide specific estimates where possible. For example, if bank predicts new software will be necessary to capture the data, be prepared to provide CFPB with a specific cost if possible.

As mentioned above, WBA will be creating a draft comment letter for use by members to reply to CFPB. The letter will be released shortly to allow banks time to personalize their letter with bank-specific information. For more information about CFPB’s Section 1071 proposal, please see the WBA Toolkit and PowerPoint materials.

The long awaited proposed rule regarding the collection and reporting of small business lending data as required by Section 1071 of the Dodd-Frank Act has finally been released by the Bureau of Consumer Financial Protection (CFPB). Unfortunately, the proposed rule is as broad and onerous as the industry expected it to be as it will be costly to train, implement, and monitor. The proposal would revise Regulation B, which implements the Equal Credit Opportunity Act (ECOA), to require the collection and reporting to CFPB certain data on applications for credit by small businesses. The proposal is substantial; however, below is a brief summary of the proposed rule.

Who Must Collect Data

The first step of analysis for any proposal is to identify whether it will apply to the bank. In this case, the proposal is broad and will very likely apply to all banks in Wisconsin. As proposed, if a bank originates at least 25 credit transactions that are considered “covered credit transactions” to “small businesses” in each of the two preceding years, the proposed rule will apply to the bank. Generally, a “small business” under the proposal is a business that had $5 million or less in gross annual revenue for its preceding fiscal year.

What CFPB has proposed be considered a “covered credit transaction” is a bit trickier an analysis but is generally the same as what is considered an application under the existing Regulation B definition of “application.” The proposed term does; however, exclude reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; also excluded is an inquiry or prequalification request.

What Data is to be Collected

Next, the data to be collected. Dodd-Frank Act Section 1071 identified certain data that must be collected by CFPB; the law also gave CFPB discretion to collect additional data. CFPB has incorporated all Dodd-Frank Act required data and several discretional data into its proposal. In particular, banks must collect a unique identifier of each application, application date, application method, application recipient, action taken by bank on the application, date action taken, denial reasons, amount applied for, amount originated or approved, and pricing information including interest rate, total origination charges, broker fees, initial annual charges, additional cost for merchant cash advances or other sales-based financing, and prepayment penalties.

Banks must also collect credit type, credit purpose, information related to the applicant’s business such as census tract, NAICS code and gross annual revenue for applicant’s preceding fiscal year, number of applicant’s non-owner workers, applicant’s time in business, and number of applicant’s principal owners.

There is also demographic information about the applicant’s principal owners to collect. These data points include minority- and women-owned business status, and the ethnicity, race, and sex of the applicant’s principal owners. The proposal also requires banks to maintain procedures to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response, addresses how banks are to report certain data if data are not obtainable from an applicant, when banks are permitted to rely on statements made by an applicant, when banks must verify applicant’s responses to certain data collected, and when banks may reuse certain data collected in certain circumstances such as when data was collected within the same calendar year as a current covered application and when the bank has no reason to believe the data are inaccurate.

When and How Data Must be Reported

Banks would be required to collect data on a calendar-year basis and report the data to CFPB by June 1 of the following year. CFPB has proposed to provide technical instructions for the submission of data in a Filing Instructions Guide and related materials.

The submitted data is also to be made available to the public on an annual basis. Banks would be required to make the reported data available on their website, or otherwise upon request, or must provide a statement that the bank’s small business lending application register is available on CFPB’s website. Model language for such statement has been proposed by CFPB.

Limit of Certain Bank Personnel’s Access to Certain Data

The proposed rule implements a requirement under Section 1071 that banks limit certain employees’ and officers’ access to certain data. CFPB refers to this as the “firewall.” Pursuant to the proposed rule, an employee or officer of a bank or bank’s affiliate who are involved in making any determination concerning the applicant’s covered application would be prohibited from accessing an applicant’s responses to inquiries that the bank made regarding whether the applicant is a minority- or woman-owned business. Such employees are also restricted from information about an applicant’s ethnicity, race, and sex of the applicant’s principal owners.

There are exceptions to the requirement if it is not feasible to limit such access, as that factor is further set forth in the proposal. If an exception is permissible under the proposal, notice must be given to the application regarding such access. Again, CFPB has created model language for such notice.

Recordkeeping and Enforcement

The proposal establishes certain recordkeeping requirements, including a three year retention period for small business lending application registers. The proposal also includes a requirement to maintain an applicant’s responses to Section 1071 inquiries regarding whether an applicant is a minority- or women-owned business, and responses regarding the ethnicity, race, and sex of the applicant’s principal owners, separate from the rest of the application and accompanying information.

The proposal does include enforcement for violations of the new rules, addresses bona fide errors, and provides for a safe harbor.

Learn More and Get Involved

The proposal and additional information, including a chart of the proposed data collection points, may be viewed at:

WBA will comment on the proposal and will create a template letter for bankers to use in providing their own comments to CFPB regarding the impact the proposal will have on the bank. Comments are due 90 days from publication of the proposed rule in the Federal Register. At time of publication of the article, the proposal had not yet been published. CFPB has proposed mandatory compliance of a final rule be eighteen months after its effective date. WBA Legal is creating a working group to collect data and concerns from Wisconsin’s bankers on the proposal. If you wish to be part of the working group, please contact WBA Legal at

This article originally ran in the September 2021 edition of the WBA Compliance Journal, to view the entire publication, click here.