This post was updated to reflect new compliance deadlines announced by the CFPB on May 17, 2024.
Lending & Credit Risk
Ag Lending
C&I Loans
Construction Lending
Consumer Lending
CRE Lending
Member Business Lending
Small Business Lending
FAQs: CFPB small business data collection info for lenders
March 30, 2023
Read Time: 0 min
What to know about the CFPB 1071 rule affecting small business loans
This post provides answers to some frequently asked questions about data requirements and other changes in the final rule released March 30, 2023.
Takeaway 1
Bank and credit union executives are worried about complying with the CFPB's final rule on small business loan application data.
Takeaway 2
The rule is aimed at tracking small business credits to enforce fair lending laws and ID and support women- and minority-owned small businesses.
Takeaway 3
Lenders will need to collect 20+ data points on each application from businesses with $5 million or less in gross annual revenue.
Data collection requirements
Concerns and questions about the CFPB 1071 rule
According to a recent survey, financial institution executives’ top regulatory compliance concern is the final rule from the Consumer Financial Protection Bureau (CFPB) on data collection for small business loan applications. The regulation, finalized and issued March 30, outranked BSA/AML rules, beneficial ownership requirements, and current expected credit loss (CECL) obligations.
This post provides answers to some of the frequently asked questions (FAQs) about what types of data financial institutions will have to collect from small business loan applications, as well as details to help banks and credit unions prepare for the CFPB rule to take effect.
Abrigo has been closely tracking the development of the CFPB’s requirements to collect and report small business loan data, and its product and compliance experts attend all relevant webinars and calls with the CFPB. Abrigo will add functionality to our commercial loan origination system to support upcoming compliance requirements once the final decisions have been made on the CFPB side.
In addition, Abrigo has and will continue to update resources to help banks and credit unions understand and prepare for what is expected to represent the most significant effort of small business lending data collection and reporting for financial institutions in nearly 50 years. A CFPB 1071 resource page for lenders, content, and educational webinars will walk lenders through requirements and preparations. Abrigo consultants are also available to work with financial institutions to ensure the smooth adoption of the requirements.
In the meantime, here are some answers to common questions about the CFPB’s upcoming requirements, as laid out in the final rule.
Visit CFPB 1071 resources for lenders for more on data collection requirements for small business lending.
The "what," "who" and "why"
Answers about the 1071 data collection rule
What is the CFPB's Section 1071 rule?
While officially titled “Small Business Lending Data Collection Under the Equal Credit Opportunity Act (Regulation B),” the rule prompting lenders’ consternation implements Section 1071 of the Dodd-Frank Act. Section 1071 amended Reg B. It requires financial institutions and others to compile, maintain, and submit to the CFPB data points on applications for credit for small businesses, including women-owned and minority-owned small enterprises.
What’s the purpose of reporting new information about small business loan applications?
The primary purpose of reporting the information is to:
- Provide tracking of small business credits to enforce fair lending laws and
- Enable creditors to identify and support the business needs of small businesses owned by women and other minorities within the community.
Who must collect small business loan application data under CFPB's rule?
Covered financial institutions defined in the rule are “any partnership, company, corporation, association, trust, estate, cooperative organization or other entity that engages in financial activity.” A variety of entities that engage in small business lending are covered, including depository institutions, online lenders, platform lenders, CDFIs, lenders involved in equipment and vehicle financing (both captive financing and independent financing companies), commercial finance companies, government lending entities, and nonprofit non-depository lenders.
According to the final rule, any entities that have originated at least 100 “covered credit transactions” for small businesses in each of the previous two calendar years fall under the rule’s requirements. For the initial determination of whether a creditor is subject to the requirements, financial institutions should review originations in either 2022 and 2023 or 2023 and 2024.
$5 million threshold
Defining "small business" under the rule
What will the CFPB consider a small business under the CFPB data collection rule?
The CFPB has defined small businesses as those with $5 million or less in gross annual revenue the preceding fiscal year.
What is a “covered" credit transaction?
Loans, lines of credit, credit cards, and merchant cash advances (MCAs) are the types of credit transactions that new data collection requirements cover. MCAs include transactions for agricultural purposes and those that are HMDA-reportable transactions. The rule defines a “covered credit transaction” as one that meets the definition of business credit under existing Regulation B, with certain exceptions.
Which credit transactions are excluded from data collection requirements?
The types of transactions excluded from the rule are trade credit, public utilities credit, securities credit, and incidental credit. Factoring, leases, consumer-designated credit used for business or agricultural purposes, credit secured by certain investment properties, transactions that are reportable under the Home Mortgage Disclosure Act of 1975 (HMDA), and insurance premium financing. are also excluded transactions, according to the final rule.
What triggers the CFPB's requirement to report business loan data?
A “covered application”—which triggers data collection, reporting, and related requirements when submitted by a small business—is an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested. The rule says this definition of covered application is largely consistent with the existing Regulation B definition of that term. However, covered applications for purposes of this rule do not include (1) reevaluation, extension, or renewal requests on existing business credit accounts, unless the request seeks additional credit amounts; or (2) inquiries and requalification requests.
What data must be collected under the 1071 rule?
For each small business application for credit covered by the rule, more than 20 data points will be required to be collected. As a result, the CFPB’s final rule substantially increases small business lending data collection and reporting requirements for some financial institutions. Just a few of the data points for each application are:
- the purpose of the credit
- action taken
- denial reasons
- Census tract
- number of workers
- ethnicity of principal owners
What’s the deadline for institutions to comply with the CFPB 1071 requirements?
The final rule requires the largest lenders to collect and report data earlier than smaller lenders. Specifically, lenders that originate at least 2,500 small business loans annually must collect data starting July 18, 2025, based on the CFPB's announced updated timeline following a U.S. Supreme Court ruling. Lenders that originate at least 500 loans annually must collect data starting Jan. 16, 2026 Lenders that originate at least 100 loans annually must collect data starting Oct. 18, 2026.
How often must lenders report small business loan data to the CFPB?
Data for the 1071 rule must be collected on a calendar year basis and reported to the CFPB before June 1 of the following year.
How should lenders prepare for CFPB 1071 compliance?
Paula King, Senior Advisor with Abrigo Advisory Services, recently provided a CFPB 1071 rule checklist to help financial institutions understand the requirements. It also includes actions financial institutions can take to prepare for and successfully comply with the final 1071 rule.
What help is available for complying with the requirements to collect small business loan application data?
In addition to automation, which is vital for efficiently using staff and reducing errors, financial institutions should consider whether a third-party resource, such as dedicated risk management consultants or advisors, would benefit them. Consultants can alleviate staff bandwidth issues and help to create or adapt current collection and loan pricing systems.
The CFPB has numerous detailed instructions for complying with the data collection rule related to small business credit applications. Find links to the bureau's resources and additional help aids on this site with CFPB section 1071 resources for lenders. The page has free training webinar information, preparation checklists, and additional aids for financial institutions providing small business loans.
Stay up to date on the CFPB 1071 data collection rule and other lending compliance topics.
We can help you navigate small business lending amid changing regulatory requirements. Abrigo’s solution for loan origination can help you streamline the origination process and ongoing customer management. Talk to a specialist to learn more.
About the Author