The Consumer Financial Protection Bureau (CFPB) has been moving forward with regulations implementing Section 1071 of the Dodd-Frank Act — a development that carries significant compliance implications for private lenders, community banks, and non-bank financial institutions that make business purpose loans. Understanding what these rules require, who they cover, and how to prepare is essential for any lender operating in the small business credit market.
What Is Section 1071 and Why Does It Matter?
Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act amends the Equal Credit Opportunity Act (ECOA) by requiring financial institutions to collect, maintain, and report data from loan applications submitted by women-owned, minority-owned, and small businesses. This includes collecting information about the gender, race, and ethnicity of the principal owners of those businesses.
The stated purpose of these data collection requirements is to give the CFPB and other regulators the tools they need to examine lending activity for potential gender- and race-based discrimination. For private lenders who have never been subject to HMDA or comparable data reporting obligations, this represents an entirely new compliance framework.
Which Lenders Are Covered?
Section 1071 applies broadly to “financial institutions” — a category that extends well beyond traditional depository banks to include non-bank lenders making business or commercial purpose loans to small businesses.
Proposed Exemption Thresholds
The CFPB has considered several exemption frameworks based on asset size and lending volume. Potential exemptions being evaluated include:
- Depository institutions with assets below $100 million or $200 million
- Financial institutions whose small business origination activity falls below specified thresholds, which the CFPB has considered setting at:
- 25 loans or $2.5 million in originations
- 50 loans or $5 million in originations
- 100 loans or $10 million in originations
- Institutions meeting a combined asset and activity threshold
Private lenders who originate a meaningful volume of business purpose loans should not assume an exemption applies without conducting a careful threshold analysis.
Covered Borrowers: Defining the Small Business Universe
The rule focuses on three categories of borrowers:
Small Businesses
The CFPB has proposed adopting the “small business concern” definition from the Small Business Act, using simplified size thresholds based on gross annual revenue, number of employees, or a combination of both.
Women-Owned Small Businesses
A women-owned small business is one where more than 50% of ownership or control is held by one or more women, and more than 50% of net profit or loss accrues to one or more women.
Minority-Owned Small Businesses
A minority-owned small business is one where more than 50% of ownership or control is held by one or more minority individuals, and more than 50% of net profit or loss accrues to one or more minority individuals.
Notably, Women-Owned and Minority-Owned Businesses that do not qualify as “small” may fall outside the initial reporting requirements, though the CFPB has flagged this as an area of continued evaluation.
What Types of Loans Are Covered?
The CFPB’s proposals cover term loans, lines of credit, and business credit cards made for a business or commercial purpose. The following loan types are generally excluded from coverage:
- Loans designated by the lender as consumer purpose loans
- Leases
- Trade credit
- Factoring transactions
- Merchant cash advances
The treatment of merchant cash advances and factoring is still being evaluated. Lenders utilizing these products should monitor rulemaking developments closely.
Required Data Points
Covered lenders would be required to collect, maintain, and submit a substantial set of data points for each covered application, including:
- Whether the applicant is women-owned, minority-owned, and/or a small business
- Application and loan identification numbers
- Application date and action taken date
- Loan or credit type and purpose
- Credit amount or limit applied for and approved
- Type of action taken on the application
- Census tract of the principal place of business
- Gross annual revenue of the applicant
- Race, sex, and ethnicity of the applicant’s principal owners
- Pricing information
- Time in business
- NAICS code and number of employees
This data set is more extensive than many private lenders have historically tracked, and building the operational infrastructure to collect, store, and report it accurately will require advance planning.
Key Recommendations from the Small Business Review Panel
In October 2020, the CFPB convened a Small Business Review Panel to gather input from regulated entities prior to issuing proposed rules. The panel’s December 2020 report included several notable recommendations:
- The CFPB should adopt a simple, clear definition of “small business” that is easy for applicants to understand and straightforward for lenders to implement
- The CFPB should consult with the Small Business Administration before finalizing size standards
- The CFPB should continue studying whether coverage should extend to larger Women-Owned and Minority-Owned Businesses that fall outside the “small business” threshold
- Regarding merchant cash advances, factoring, and related products, the panel recommended the CFPB continue assessing costs and benefits before finalizing coverage decisions
- The panel recommended that lenders be given ample notice before the final rule’s effective date and that the CFPB provide specific guidance on compliance resources for institutions with no prior federal data reporting experience
Implementation Timeline
The CFPB has proposed providing approximately two years for implementation after the final rule is published. Given the complexity of standing up new data collection systems, lenders should begin assessing their readiness well in advance of any effective date.
The Compliance Risk Private Lenders Cannot Ignore
Private lenders currently reporting HMDA data who will also be subject to Section 1071 will need to expand their existing data collection operations to capture the additional required fields. Private lenders who have never filed HMDA or similar reports face a steeper learning curve, requiring new procedures, technology infrastructure, and staff training from the ground up.
Beyond the reporting obligation itself, lenders must recognize that the CFPB and state regulators will use Section 1071 data to conduct fair lending examinations and analyze lending approval rates and pricing practices across demographic lines. Lenders who are subject to the rule would be well-served by conducting internal self-testing prior to the effective date of any final rules — identifying and correcting disparities before regulators do.
Next Steps for Private Lenders
Lenders should take the following preparatory actions:
1. Determine whether their lending activity will meet or exceed the applicable coverage thresholds under the final rule 2. Evaluate current data collection systems against the required data points and identify gaps 3. Develop policies and procedures for applicant data collection, including processes that comply with the rule’s firewall requirements separating underwriting decisions from demographic data 4. Consider conducting voluntary self-testing of loan approval and pricing data before the compliance deadline arrives
The Section 1071 rulemaking represents one of the most consequential regulatory developments for small business lenders in over a decade. Contact Geraci LLP at (949) 403-3488 or visit our offices at 90 Discovery, Irvine, CA 92618 to discuss how these requirements may affect your lending operation and what steps you should take now to prepare.
