The Consumer Financial Protection Bureau (CFPB) released the final ruling under Section 1071 stating that covered financial institutions are required to collect and report data on applications for credit for small businesses. While compliance departments are likely aware of Section 1071, lenders may not be and it could impact them the most. Learn what to expect and how Moody’s Analytics is preparing to help clients with this implementation.
What is Section 1071
The Dodd-Frank Act was passed into law in July 2010 and Section 1071 amended the existing Equal Credit Opportunity Act (ECOA), mandating data collection on small business loan applicants, including women and minority-owned firms. The ECOA prevents lenders from discriminating against borrowers for age, gender, ethnicity, nationality, or marital status. Section 1071 is meant to help enforce fair lending laws. The CFPB was tasked with implementing Section 1071 and the final ruling was announced on March 30, 2023.
What is covered under Section 1071
Section 1071 covers all institutions that currently make more than 100 small business loans in each of the prior two years. Small businesses are defined as business concerns with gross annual revenue in the prior year of $5 million or less. For all verbal or written requests for credit - including loans, credit cards, and lines of credit – covered institutions need to capture essential applicant data points. Please refer to the full law for details and consult with your compliance and legal teams to understand how this ruling impacts your firm.
What data is required?
There are several data fields that the CFPB is looking to require, some of which may be discretionary. The data fields include:
- How the application was received?
- Outcome of the Application
- Loan Purpose
- Loan Type (including the product, if there is a guarantee, what is the term, etc)
- Amounts (Applies for, Approved, Originated)
- Unique Identifier for the Application
- Census Tract
- Gross Annual Revenue
- NAICS Code
- Number of Employees
- Number of Years in Business
- Number of Principal Owners
- Decision of the Application (Accepted, Denied, Withdrawn, or Incomplete)
- Reason for Denial
- Decision Date
- Race, Sex, and Ethnicity of Principals
As part of the data collection, your institution is going to need to establish a firewall so that anyone involved in the credit decisioning process cannot access the data points related to the ethnicity, race, and gender of the applicant’s principal owners. This data will be collected by the CFPB annually and also require lenders to make disclosures.
What should I be doing now?
Data collection and compliance with the final rule will roll out in a tiered approach beginning October 1, 2024, depending on the number of small business loans originated in 2022 and 2023 (see here for details on compliance date tiers). This rule is going to require changes to your loan origination process. If you have not already, you should form a working group that consists of your Lending, Credit, IT, Compliance, Legal, and Financial Reporting departments. This collective working group should assess the rules and begin to answer the following questions:
- What data am I currently capturing compared to the rule?
- How am I capturing the existing data and where is it being stored?
- How am I going to capture the new data?
- What existing templates need to be modified?
- How am I going to extract the data for management reporting and reporting to the CFPB?
- What changes to my lending and credit process do I need to make?
- How am I going to enact the firewall to ensure only the people who need to see the data have the ability to?
Our commitment to you
Moody’s Analytics is committed to supporting our impacted clients and will be delivering functionality in our lending solutions to help facilitate the implementation of Section 1071. This will include support for the data reporting and data masking (firewall) requirements.