Rose Oswald PoelsBy Rose Oswald Poels

Since the enactment of the Dodd-Frank Act in 2010, WBA has assisted members in understanding and implementing countless layers of new federal regulations — some as straight forward as creating and delivering a new one-page notice, others much more complex, including TRID, mortgage servicing rules, and QM/ATR underwriting standards (and those are only the most recent of new laws).

An area of the Dodd-Frank Act that much of the industry has been anxiously awaiting is that of Section 1071. As a reminder, Section 1071 of the Dodd Frank Act amended the Equal Credit Opportunity Act (ECOA) to require that financial institutions collect and report to the Consumer Financial Protection Bureau (CFPB) certain data regarding applications for credit for women-owned businesses, minority-owned businesses, and small businesses.

Having been in this industry for over thirty years, I will say that the forthcoming business data collection and reporting regulation is of the magnitude — both in cost and in operational impact — of what bankers experienced with the implementation of other industry-changing regulations such as the Bank Secrecy Act, Reg CC, or the SAFE Act. I can recall pre-BSA procedures, and now we operate in an implemented BSA world; a time of in-branch check encoding and processing to today’s electronic presentment, centralized clearing, and near live-time processing; and of course, a time when TILA and RESPA were separate disclosures versus today’s mortgage loan application and closing procedures due to TRID rules.

The same will be true after full implementation of a final Section 1071 rule. This law, once finalized, will change how business credit applications are processed. Data will need to be collected and reported as never before. Some members experience similar types of data collection and reporting under the Home Mortgage Disclosure Act (HMDA), but even non-HMDA reporting banks may be required to comply with Section 1071 data collection and reporting.

Based upon recent agency regulatory agenda filings and court filings earlier this month, it is expected that CFPB will finalize its Section 1071 Small Business Lending Data Collection and Reporting Rule by March 2023. Rest assured, I understand the impact this rule will have on the membership. In my comment letter to CFPB regarding its Section 1071 proposal, I advocated for the collection of only those data points required under the Dodd-Frank Act, a higher exemption threshold, and for a longer implementation period to help lessen the impact of the new regulation.

Late last year, WBA prepared a toolkit to help senior management, commercial lenders, loan processors, compliance officers, and others involved with small business lending to better understand the impact of CFPB’s proposal on the bank. Those resources are still available, and I would recommend those in the areas mentioned become familiar with the general concepts of the proposal, understand what could become law, and begin considering the impact on the bank. Planning will be crucial with a regulation as impactful as what Section 1071 will be.

In addition to being vocal during the regulatory process on Section 1071, WBA has advocated for repeal of Section 1071 with our congressional delegation for the last 10 years. Although it is late in the session, I am pleased to share that Rep. Scott Fitzgerald (WI-05) introduced on July 20 the Making the CFPB Accountable to Small Business Act which would repeal Section 1071 of the Dodd-Frank Act. Rest assured, WBA will continue its strong advocacy at all levels to try and reduce this regulatory burden. In the meantime, WBA plans to create further resources once the final rule is released and will help answer questions related to the new regulation.

Current WBA Section 1071 resources may be found on the WBA Compliance Resources webpage.

Earlier this year the CFPB issued its long-awaited proposal for implementing Section 1071 of the Dodd-Frank Act, which requires collection of credit application data for small businesses, including women-owned and minority-owned small businesses. Comments on the proposal are due January 6, 2022. WBA will be creating a draft comment letter for use by members to reply to CFPB regarding concerns and impact of the proposal on banks. WBA encourages each bank to consider submitting its own letter reflecting bank-specific information. In preparation for these comments, WBA has prepared the following considerations regarding the rule.

What specific burdens will your institution face as a result the proposal? Some examples might include:

  • Costs, technology, training, staffing, customer-facing educational information needs.
  • Review of application process (based upon the rule’s definition of application).
  • Is the proposed “firewall” process workable for the bank?
  • What sort of implementation period will be necessary?

More specifically you might consider:

  • Will bank need to hire new staff (compliance, processor, etc.)?
  • Technology costs, such as a new platform, or 1071 data software.
  • Costs associated with updating existing systems, testing, applications, training, development of new policies and procedures, legal consultation, review of implementation, etc.
  • New annual costs related to collection such as customer service, data management, resolution of errors, exam prep, etc.

In preparation for filing comments, banks should plan to provide specific estimates where possible. For example, if bank predicts new software will be necessary to capture the data, be prepared to provide CFPB with a specific cost if possible.

As mentioned above, WBA will be creating a draft comment letter for use by members to reply to CFPB. The letter will be released shortly to allow banks time to personalize their letter with bank-specific information. For more information about CFPB’s Section 1071 proposal, please see the WBA Toolkit and PowerPoint materials.

The long awaited proposed rule regarding the collection and reporting of small business lending data as required by Section 1071 of the Dodd-Frank Act has finally been released by the Bureau of Consumer Financial Protection (CFPB). Unfortunately, the proposed rule is as broad and onerous as the industry expected it to be as it will be costly to train, implement, and monitor. The proposal would revise Regulation B, which implements the Equal Credit Opportunity Act (ECOA), to require the collection and reporting to CFPB certain data on applications for credit by small businesses. The proposal is substantial; however, below is a brief summary of the proposed rule.

Who Must Collect Data

The first step of analysis for any proposal is to identify whether it will apply to the bank. In this case, the proposal is broad and will very likely apply to all banks in Wisconsin. As proposed, if a bank originates at least 25 credit transactions that are considered “covered credit transactions” to “small businesses” in each of the two preceding years, the proposed rule will apply to the bank. Generally, a “small business” under the proposal is a business that had $5 million or less in gross annual revenue for its preceding fiscal year.

What CFPB has proposed be considered a “covered credit transaction” is a bit trickier an analysis but is generally the same as what is considered an application under the existing Regulation B definition of “application.” The proposed term does; however, exclude reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; also excluded is an inquiry or prequalification request.

What Data is to be Collected

Next, the data to be collected. Dodd-Frank Act Section 1071 identified certain data that must be collected by CFPB; the law also gave CFPB discretion to collect additional data. CFPB has incorporated all Dodd-Frank Act required data and several discretional data into its proposal. In particular, banks must collect a unique identifier of each application, application date, application method, application recipient, action taken by bank on the application, date action taken, denial reasons, amount applied for, amount originated or approved, and pricing information including interest rate, total origination charges, broker fees, initial annual charges, additional cost for merchant cash advances or other sales-based financing, and prepayment penalties.

Banks must also collect credit type, credit purpose, information related to the applicant’s business such as census tract, NAICS code and gross annual revenue for applicant’s preceding fiscal year, number of applicant’s non-owner workers, applicant’s time in business, and number of applicant’s principal owners.

There is also demographic information about the applicant’s principal owners to collect. These data points include minority- and women-owned business status, and the ethnicity, race, and sex of the applicant’s principal owners. The proposal also requires banks to maintain procedures to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response, addresses how banks are to report certain data if data are not obtainable from an applicant, when banks are permitted to rely on statements made by an applicant, when banks must verify applicant’s responses to certain data collected, and when banks may reuse certain data collected in certain circumstances such as when data was collected within the same calendar year as a current covered application and when the bank has no reason to believe the data are inaccurate.

When and How Data Must be Reported

Banks would be required to collect data on a calendar-year basis and report the data to CFPB by June 1 of the following year. CFPB has proposed to provide technical instructions for the submission of data in a Filing Instructions Guide and related materials.

The submitted data is also to be made available to the public on an annual basis. Banks would be required to make the reported data available on their website, or otherwise upon request, or must provide a statement that the bank’s small business lending application register is available on CFPB’s website. Model language for such statement has been proposed by CFPB.

Limit of Certain Bank Personnel’s Access to Certain Data

The proposed rule implements a requirement under Section 1071 that banks limit certain employees’ and officers’ access to certain data. CFPB refers to this as the “firewall.” Pursuant to the proposed rule, an employee or officer of a bank or bank’s affiliate who are involved in making any determination concerning the applicant’s covered application would be prohibited from accessing an applicant’s responses to inquiries that the bank made regarding whether the applicant is a minority- or woman-owned business. Such employees are also restricted from information about an applicant’s ethnicity, race, and sex of the applicant’s principal owners.

There are exceptions to the requirement if it is not feasible to limit such access, as that factor is further set forth in the proposal. If an exception is permissible under the proposal, notice must be given to the application regarding such access. Again, CFPB has created model language for such notice.

Recordkeeping and Enforcement

The proposal establishes certain recordkeeping requirements, including a three year retention period for small business lending application registers. The proposal also includes a requirement to maintain an applicant’s responses to Section 1071 inquiries regarding whether an applicant is a minority- or women-owned business, and responses regarding the ethnicity, race, and sex of the applicant’s principal owners, separate from the rest of the application and accompanying information.

The proposal does include enforcement for violations of the new rules, addresses bona fide errors, and provides for a safe harbor.

Learn More and Get Involved

The proposal and additional information, including a chart of the proposed data collection points, may be viewed at:

WBA will comment on the proposal and will create a template letter for bankers to use in providing their own comments to CFPB regarding the impact the proposal will have on the bank. Comments are due 90 days from publication of the proposed rule in the Federal Register. At time of publication of the article, the proposal had not yet been published. CFPB has proposed mandatory compliance of a final rule be eighteen months after its effective date. WBA Legal is creating a working group to collect data and concerns from Wisconsin’s bankers on the proposal. If you wish to be part of the working group, please contact WBA Legal at

This article originally ran in the September 2021 edition of the WBA Compliance Journal, to view the entire publication, click here.

Congress passed the Economic Growth, Regulatory Relief and Consumer Protection Act (S. 2155) on May 22, 2018. The bill was signed by President Trump on May 24. While the Act is now law, many of its provisions require implementation from the Federal banking agencies in order to be effective. The Act provides some direct regulatory relief, but also serves as an acknowledgement of a need for change in the realm of deregulation. It passed by a bipartisan vote of 258-159 and represents a step in the right direction. What follows is not a comprehensive review of the Act, but a summary of key provisions related to the banking industry.

Title I. Improving Consumer Access to Mortgage Credit

Section 101

Creates a new category of qualified mortgage (QM) for purposes of meeting the Truth in Lending Act’s (TILA) ability to repay requirements. This QM is available to financial institutions less than $10 billion in assets that originate and retain the loan in portfolio. To obtain QM status under this rule the loan must meet certain requirements:

  • Restrictions on prepayment penalties;
  • Total points and fees less than or equal to 3% of the loan amount;
  • No negative amortization or interest only features; and,
  • Fully amortized for fixed rate loan.

While this QM status is available as a matter of law, some clarification is still required by the Consumer Financial Protection Bureau (CFPB). For instance, CFPB must clarify the relationship between the new QM category and the existing small creditor QM. 

Section 103

Provides an exception from appraisal requirements in rural areas. An appraisal for a federally-related mortgage loan is not required if the following criteria are met:

  • Loan is under $400,000;
  • Real property located in a rural area (under TILA);
  • Within 3 days after providing the Closing Disclosure, contact at least 3 State certified appraisers;
    • These appraisers must not be available within 5 business days, and the financial institution must document this fact; and,
  • Loan is held in portfolio.
    • May be sold or transferred under limited circumstances.

This relief is not available for high cost mortgage loans (under TILA) or, for loans where an appraisal would otherwise be required for safety and soundness reasons under other federal regulatory requirements.

Section 104

Exempts certain small-volume loan originators from the new HMDA reporting requirements. Financial institutions that originate fewer than 500 closed-end mortgage loans in each of the two preceding calendar years may revert to pre-January 2018 HMDA reporting requirements. Similarly, financial institutions that originate fewer than 500 open-end lines of credit in each of the two preceding calendar years may revert to pre-January 2018 reporting requirements. Thus, for HELOCs there is an:

  • Exemption from HMDA reporting for HELOCs during 2018-2019 period; and,
  • Limited HELOC reporting for post 2019 period.

None of the Section 104 exemptions apply to any bank that has received a “needs to improve” CRA rating during each of the last 2 most recent exams or a “substantial non-compliance” rating on its most recent exam. CFPB. The CFPB will need to implement, or rewrite, the existing HMDA rule to clarify Section 104’s relation to current reporting requirements.

Section 108

Creates a new exemption from escrow requirements for residential mortgage loans (under TILA) for financial institutions that:

  • Have assets of $10 billion or less;
  • Originated 1,000 or fewer first lien mortgages secured by a principal dwelling in the preceding year; 
  • Originated at least one covered transaction in a rural or underserved area (under TILA); and
  • Do not maintain an escrow account for real estate secured loans other than when required for HPML or distressed customers. however, an HPML must continue to meet the covered transaction, extension, and asset threshold tests under 1026.35(b)(2)(iii).

This exemption is created in addition to the existing escrow exemption available under TILA. This exemption is not immediately effective. The CFPB must write implementing regulations in order for the exemption to become available. The Act does not give a timeline that CFPB must follow for implementation.

Section 109

Eliminates the 3-day waiting period required by the TILA/RESPA integrated disclosure rules when a consumer receives a second offer for credit by the same lender. Meaning, if the APR becomes inaccurate, by changing more than 1/8th of a 1% that results in a lower rate, a corrected Closing Disclosure is still required, but does not require a 3 day waiting period before closing.

Title II. Regulatory Relief and Protecting Consumer Access to Credit

Section 201

Simplifies the capital calculations for community banks that have less than $10 billion in assets by requiring the Federal banking agencies to establish a specified Community Bank Leverage Ratio between 8% and 10%. This specified ratio is designed to provide relief from Basel III capital standards for community banks. Financial institutions that maintain this ratio are presumed to be well capitalized an in compliance with risk based capital and leverage requirements.

Section 203

Exempts banks with less than $10 billion in assets from the Volcker Rule. 

Section 205

Requires the federal banking agencies to implement regulations raising the eligibility for reduced Report of Condition and Income (short form call reports) from $1 billion to $5 billion in assets.

Section 210

Increases the asset threshold for the 18 month instead of 12 month examination cycle from $1 billion to $3 billion in assets.

Section 213 

Permits the collection and use of certain information, such as a copy of a customer’s driver’s license, in connection with online banking.

Other Sections to Consider

As discussed above, this article does not provide a comprehensive analysis of S. 2155. It is designed to highlight certain portions of select sections within the Act. There are other sections in each title above, as well as titles not discussed above. Some of those titles not discussed that readers should be aware of are:

  • Title III – Protections for Veterans, Consumers, and Homeowners;
  • Title IV – Tailoring Regulations for Certain Bank Holding Companies;
  • Title V – Encouraging Capital Formation; and,
  • Title VI – Protections for Student Borrowers.


Readers are encouraged to consult S. 2155 to review the sections above in full, as well as those sections not discussed. The Act can be found here:

In addition, if you missed the WBA webinar, Everything You Need to Know About S.2155 All Member Call, you can access its recording here: 

Click here to view the rest of the July 2018 Compliance Journal.

By, Ally Bates

The threat of unintentionally engaging in an unfair, deceptive, or abusive act or practice (UDAAP) is enough to keep a diligent banker up at night. UDAAP violations are rightfully scary – UDAAP is broad and subjective, lacks in concrete guidance, and presents a serious reputational risk to a bank. Since the passage of the Dodd-Frank Act which granted the Bureau of Consumer Financial Protection (CFPB) new UDAAP authority, UDAAP has become a hot topic and growing concern in the banking industry. Though we would all benefit from further delineation of UDAAP, the regulatory guidance, along with recent enforcement actions and litigation, as described below, provide some direction to bankers seeking to successfully manage UDAAP risk. 

By way of background, the Dodd-Frank Act prohibits banks and others from engaging in unfair, deceptive, or abusive acts or practices. In addition, Section 5 of the FTC Act prohibits banks and other persons from engaging in unfair or deceptive acts or practices. As you can see, the Dodd-Frank Act broadened the scope of the FTC Act by adding the term “abusive.” Banks, whether federally- or state-chartered, are subject to both prohibitions. 

Such prohibitions broadly cover all acts and practices in banking – from advertising to debt collection, consumer to business credit transactions, along with add-on products and third-party vendor relationships, to name a few. Thus, bankers should frequently question whether their actions, or those of a vendor, could amount to a violation of UDAAP. 

So, what does amount to a UDAAP violation and what should bankers consider when examining their bank’s acts and practices? Bankers should consider the following guidance issued by the banking regulatory agencies when evaluating an act or practice in the context of UDAAP:

Is the act or practice UNFAIR? An act or practice is unfair when:

  • It is likely to cause substantial injury to consumers; 

Substantial injury may include a larger harm to one consumer or a small amount of harm to a large number of people. Typically, the injury involves monetary harm, though in certain circumstances, such as debt collection harassment, emotional harm could amount to substantial injury.

  • The injury is not reasonably avoidable by consumers; and 

In other words, the consumer could not avoid the injury by taking actions that are practical and not unreasonably expensive. A consumer cannot reasonably avoid an injury if the act/practice interferes with or hinders their decision-making ability, like if material information about a product is withheld until after the consumer purchases a product, for instance. 

  • The injury is not outweighed by countervailing benefits to consumers or to competition.

Such countervailing benefits may include, for example, lower prices or a wider availability of products/services. This was demonstrated in a 2016 CFPB enforcement action which found a bank’s practice unfair wherein the bank advertised and charged customers for credit-monitoring services that were not provided due to the bank’s failure to receive proper customer authorization. Just two years earlier, the FDIC, along with the CFPB and the OCC, took enforcement action against a bank for similar practices, costing the bank over $50 million in civil money penalties and restitution.  

Is the act or practice DECEPTIVE?  A representation, omission, act or practice is deceptive when:

  • It misleads or is likely to mislead the consumer;

The FTC’s “Four P’s” Test provides guidance to determine if an action or omission is misleading:

  1. Is the statement prominent enough for the consumer to notice it?
  2. Is the information presented in an easy-to-understand format that is not contradicted elsewhere? Is information presented at a time when the customer is not distracted? 
  3. Is the information placed in a location where consumers are expected to look/hear?
  4. Is the information in close proximity to the claim it qualifies?

Furthermore, misleading information may include an express or implied claim or promise (written or oral). Some examples of misleading information include: misleading cost or price claims, offering products or services that are unavailable, or omitting material limitations or conditions from an offer. To illustrate, in June 2014, FDIC took enforcement action against a bank for understating available interest rates on deposit-secured loans.

  • The consumer’s interpretation of or reaction to the representation, omission, act or practice is reasonable under the circumstances; and

Banks should consider whether a reasonable member of the target audience would feel misled (e.g. if marketing is targeted to college students, the communication must be examined from the perspective of a reasonable college student).

  • The misleading representation, omission, act or practice is material.

Among others, the central characteristics of a product/service are presumed material: cost, benefits, and restrictions on use or availability. Outside of defined presumptions, a bank should look to whether the consumer’s choice of, or conduct regarding, a product or service is impacted.   

To demonstrate, CFPB took enforcement action against Santander Bank who, through its vendor, misled consumers into opting into overdraft services by misrepresenting the fees associated with opting in and the consequences of not opting-into the service, among others.

Additionally, the banking regulatory agencies settled an enforcement action in 2014 where the bank’s efforts to market free checking accounts misled consumers, as the marketing did not properly disclose the minimum account activity required nor did it disclose the fact that the account would convert to a monthly-fee checking account after 90 days of inactivity. 

Is the act or practice ABUSIVE? An abusive act or practice:

  • Materially interferes with the consumer’s ability to understand a term or condition of a product or service; or
  • Unreasonably takes advantage of:
    • a consumer’s lack of understanding of the material risks, costs, or conditions of the product or service;
    • a consumer’s inability to protect his/her own interests in selecting or using a product or service; or
    • a consumer’s reliance on the Bank (or a representative of the Bank) to act in the consumer’s interest.

A recent example of an abusive practice is the deceptive marketing of reverse mortgages to elderly populations.

Additional examples of recent UDAAP enforcement actions and litigation trends include:  

  • Refusing to release a lien after a consumer has paid in full;
  • Failing to establish policies and procedures to prevent against fraudulent payment processing; 
  • Misrepresenting loan terms; and
  • Misrepresenting the assessment of overdraft fees (assessed based on the available balance but contracts and marketing materials state such fees are assessed based on the actual balance).

Bankers should heed the regulatory guidance and glean lessons from recent mistakes of other financial institutions. Notably, UDAAP violations can be, and often are, assessed in conjunction with violations of other state and federal laws. For example, if a TRID disclosure significantly misrepresents closing costs, a UDAAP violation could be brought in addition to a Truth-in-Lending/Regulation Z violation. Additionally, as examples described above demonstrate, a bank is responsible for the actions of its vendors.

In order to combat UDAAP, bankers should take both a proactive and reactive approach. First, banks should integrate UDAAP reviews proactively into areas such as new product development, creation and revision of fee schedules, marketing plans, and reviews of third-party vendor materials. In addition, UDAAP training should be provided to employees, as appropriate. Reactively, banks should ensure UDAAP is a part of regularly-scheduled audits (internal and external), and, importantly, a robust complaint management procedure should be in place. Such procedures should specify how the bank receives, monitors, and responds to customer complaints. Notably, regulators will often review consumer complaints in an effort to identify areas of the bank at risk for UDAAP violations. 

In summary, UDAAP should be appropriately integrated into the organization. Penalties are high, litigation is costly, but the reputational hit is the highest price a bank can pay.

WBA wishes to thank Atty. Lauren C. Capitini, Boardman & Clark, LLP for providing this article. Boardman & Clark is a WBA Gold Associate Member.

By, Ally Bates