Regulation B Subpart B Section 1071

What’s the Game Plan?  

Mandatory compliance with Regulation B Section 1071 is quickly approaching, and it's not a small undertaking. This new rule requires an extensive amount of data collection from lenders who have typically stayed out of the compliance spotlight: small business lenders. The rule is designed to increase transparency on lending practices and opportunities for small business loan applicants, identify any unmet credit needs, and enforce fair lending laws.

 

The mandatory compliance dates are tiered based on the number of covered small business loans originated in each of the previous two calendar years. The table below illustrates the compliance date tiers that financial institutions will need to consider when determining when they must begin collecting data and otherwise complying with the final rule: 

 

| Compliance Date Tier | Origination Threshold for the Compliance Date Tier | Date That a Covered Institution Begins Data Collection & Otherwise Complying with the Final Rule | Deadline for a Covered Financial Institution to Report First Year of Data to the CFPB |
| --- | --- | --- | --- |
| Tier 1 | At least 2,500 covered originations in both 2022 and 2023 (or 2023 and 2024) | July 18, 2025* | June 1, 2025* |
| Tier 2 | At least 500 covered originations in both 2022 and 2023 but not 2,500 or more covered originations in both 2022 and 2023 (or 2023 and 2024) | January 16, 2025* | June 1, 2027* |
| Tier 3 | At least 100 covered originations in both 2022 and 2023 but not 500 or more covered originations in both 2022 and 2023 (or 2023 and 2024) | October 18, 2026* | June 1, 2027 |

Additionally, a bank that originates at least 100 covered originations in both 2024 and 2025 must collect data and otherwise comply with the final rule beginning October 18, 2026 (regardless of the number of covered originations it originated in prior years).

 

*These dates have been updated to reflect the extended compliance dates revised in the June 25, 2024 Interim Final Rule.

 

If the bank is unable to determine the number of covered credit transactions it originated for small businesses in each of the calendar years 2022 and 2023 (or 2023 and 2024) for purposes of determining its compliance date, because for some or all of this period it does not have readily accessible the information needed to determine whether its covered credit transactions were originated for small businesses as defined in § 1002.106(b), it is permitted to use any reasonable method to estimate its originations to small businesses for either or both of the calendar years 2022 and 2023 (or 2023 and 2024).

 

So, what’s next? Here are action items to consider in your implementation plan: 

 

  • Coverage and Compliance Dates: Determine how many covered transactions your institution originated during the two-year lookback period (the final rule allows institutions to use either 2022 and 2023 or 2023 and 2024 as the two-year lookback) and identify the related mandatory compliance date for collecting and reporting.  
  • IT Systems: Identify the software and IT systems that will be used to collect, store, and transmit the data to the small business loan application register (SBLAR). Determine if any new software purchases are necessary and contact your current loan software providers for details on how the current software is going to change to comply with the increased data collection requirements. Schedule a demo with current and any new potential software providers.  
  • Policies and Procedures: Expand or create new policies and procedures to address the expectations for the new rule. The procedures should outline your institution’s process for collecting data in a way that ensures all the required data points are collected and reported in a compliant manner. Additionally, policies and procedures should address updates to roles and responsibilities. All policies should be reviewed and approved by the Board of Directors prior to the mandatory compliance date.  
  • Firewall Component: Section 1071 includes a specific rule related to accessing an applicant’s demographic information. The final rule states that employees and officers of a covered financial institution are prohibited from accessing an applicant’s demographic information that is recorded during the application process. This poses a challenge for many financial institutions whose loan officers are involved in all aspects of the application process. For this reason, the final rule permits financial institutions to simply provide an exception notice to applicable applicants or to a broader group (all) of applicants. However, your financial institution must first determine if it is able to systematically create a firewall or if it will rely upon the exception notice. As a best practice, your institution should retain evidence of how it arrived at the decision to create a firewall or rely upon the notice. 
  • Employee Roles and Responsibilities: Review and update current job descriptions to align with any process changes necessary for implementing Section 1071. It is likely that your institution’s lenders, processors, managers, and compliance personnel will have changes to their roles and responsibilities. Work with your HR professionals to update job descriptions so that their performance can be evaluated based on their updated roles. This will also serve as the support analysis for any firewall decisions. 
  • Written Applications: Determine how your institution will collect the data. With more than 81 data point fields, there is clear justification for using a written application form. Additionally, covered financial institutions can begin collecting data one year prior to their mandatory collection date. 
  • Underwriting Practices and Fair Lending Implications: Review your institution’s current underwriting practices. This data collection rule will have significant fair lending impacts for agricultural and commercial loan portfolios. Regulatory agencies will have access to significant amounts of data and will likely incorporate this into future fair lending examinations. Your institution should identify any potential fair lending red flags related to its underwriting, pricing, and origination/denials practices.  
  • Training and Monitoring: Prepare your loan staff and compliance personnel for the aspects of data collection, review, and reporting that they will be responsible for. This is a crucial step to ensuring regulatory compliance with the final rule. Establish an ongoing monitoring process to identify any gaps in the data collection and reporting processes and to ensure that the demographic data is consistently collected where required.  
  • Audit Expectations and Board Reporting: Update your current risk assessments and audit plans to incorporate Section 1071. Make sure to keep the Board informed of changes to your institution’s audit plans and any significant updates to the risk assessment.  
  • Website Notice: Set a reminder to post the required public notice on your institution’s website by the first reporting date (e.g., June 2026 or 2027).  

 

Implementing the Section 1071 final rule will take careful consideration and effort by your institution. At Brady Martz & Associates, we understand the challenges that come with implementing processes to comply with complex regulations. Our team of experts can help you assess your readiness, develop a tailored implementation strategy, and ensure your institution remains compliant while achieving its business goals. Contact us today to learn how we can support your compliance journey. 

 

Ryan Bakke, CPA 

701-852-0196 

ryan.bakke@bradymartz.com 

Kelly Hoeven, CCBIA CBVM 

701-223-1717 

kelly.hoeven@bradymartz.com