The implementation of Section 1071 of the Dodd Frank Act brings a significant shift in reporting requirements for small business lending. It’s crucial to understand upcoming compliance dates and how technology can aid your financial institution in fulfilling these new obligations for data collection and reporting.
What is 1071?
Section 1071 of the Dodd Frank Act pertains to the collection and reporting of credit application data. It’s purposes are to facilitate enforcement of fair lending laws, and to enable creditors to identify business and community development needs and opportunities for women-owned, minority-owned, and small businesses.
Why is it important?
Small businesses are essential to the U.S. economy, in fact, small businesses, or businesses with less than 500 employees, make up 99.9% of businesses in the U.S. Small businesses are responsible for 62.7% of net jobs created since 1995. Therefore, it is vital to help ensure small businesses have equal access to safe and affordable credit.
Section 1071 mandates financial institutions to gather, maintain, and report to the CFPB data from small business credit applications, including demographic information of applicants. Compiling this data could assist with improving credit access to the underserved population.
Who does it affect?
- Covered financial institutions: One that originated at least 100 covered credit transactions for small businesses in each of the two preceding calendar years.
- Small businesses: According to the final rule, “a small business is a business that had $5 million or less in gross annual revenue for its preceding fiscal year. Thus, if a business had more than $5 million in gross annual revenue for its preceding fiscal year, it is not a small business pursuant to the final rule.”
When does Section 1071 of the Dodd Frank Act go into effect?
The CFPB extended compliance deadlines, and they are now broken out by tier, based on the number of covered transactions to small businesses that a lender originated in the preceding two calendar years. Covered FIs are permitted (not required) to use their small business originations from 2022 and 2023 to determine their compliance tier, or they may use their origination from 2023 and 2024.
- Tier 1: At least 2500 covered originations. Begin collecting data on July 18, 2025, and report on June 1, 2026.
- Tier 2: At least 500 covered originations. Begin collecting data on January 16, 2026, and report on June 1, 2027.
- Tier 3: At least 100 covered originations. Begin collecting data on October 18, 2026, and report on June 1, 2027.
What needs to be collected and reported? Start considering these required data points:
- Unique Identifier
- Application Date
-
Application Method
- Application Recipient
- Credit Type
- Credit Purpose
- Amount Applied For
- Amount Approved or Originated
- Action Taken
- Action Taken Date
- Denial Reasons
- Pricing Information
- Census Tract
- Gross Annual Revenue
- North American Industry Classification System (NAICS Code)
- Number of Workers
- Time in Business
- Minority-owned Business Status, Women-Owned Business Status, and LGBTQ1+-Owned Business Status*
- Ethnicity of Principal Owners*
- Race of Principal Owners*
- Sex of Principal Owners*
- Number of Principal Owners
* The data elements regarding the business ownership status and ethnicity, race, and sex must be collected and reported based only on the demographic information collected directly from each principal owner. The financial institution must put in place and maintain procedures to collect this applicant-provided data and is expressly prohibited from discouraging applicants to respond. This said, applicants are not required to provide the information and failure to do so or declining to do so must be reported for each principal owner accordingly. It will be important for financial institutions to monitor their response rates and the implications of low rates, per the rule.
The final rule also prohibits employees and officers from having access to the business ownership status and demographic responses if that employee or officer is involved in making any determination concerning the covered small business application, unless the covered FI determines an exception and provides a required notice to the applicant. A “firewall” must be established between the data and the permissioned access.
- Principal owners: A “principal owner” is an individual who directly owns 25 percent or more of the equity interests of a business. Thus, an applicant will have no more than four principal owners and may not have any principal owners if no natural person directly owns 25 percent or more of the equity interests of the business.
For further details regarding the data points and how they should be reported, please see the Small Business Lending Data Points Chart or the Small Entity Compliance Guide.
What can we do to prepare?
- Determine how many covered transactions your institution originated in 2022 and 2023. This will determine your compliance tier. Section 2.1 of the Small Business Compliance Guide provides in-depth examples of institutions that must comply based on covered transactions.
- Established a team to review the small entity compliance guide and work towards the reporting dates. Your HMDA team could be a good resource.
- Take a moment to review your small business lending practices and consider if changes need to be made to facilitate meeting Section 1071 of the Dodd-Frank Act.
Here are some additional resources from the CFPB website you might find helpful:
Quick References:
Guides:
FAQs
If your bank or credit union is still trying to determine the full impact for your organization, you are not alone. Jack Henry™ is committed to supporting regional and community financial institutions in facilitating 1071 compliance. Utilizing applicability business rules and digital data collection, we will provide the tools that can aid you in meeting the CFPB’s go-forward Section 1071 requirements.
Get in touch with us for more information or further assistance.
.svg)
