Compliance Confessionals – Section 1071 of the Dodd-Frank Act and Compliance

Amanda Khatri

Editorial Manager

Compliance expert and former Head of Compliance, Sylvia Yarbough, shares secrets and insights from the heart of the compliance team.

If you have a compliance confession or are worried about emerging regulations, visit our Compliance Confession Booth.


Section 1071 of the Dodd-Frank Act amends the Equal Credit Opportunity Act (ECOA) requiring financial institutions to compile and report certain data about business credit applications to the Consumer Financial Protection Bureau (CFPB).

The new rule became effective on March 30, 2023, and requires data submission of any covered financial institution that originates a minimum of 100 loans in each of the two consecutive years before the next filing period.

This rule applies to nearly all lenders, not just banks and credit unions. If your organization is an online lender, FinTech, or non-profit entity providing loans to small businesses (defined as gross annual revenues of $5 million or less) this rule applies to you.

To summarize, the rule requires key data, beyond the basics, to be collected and reported. This now includes:

  • minority-owned business status;
  • women-owned business status;
  • LGBTQI+ owned status; and
  • principal owner’s ethnicity, race, and sex.

Data collection and submission deadlines are based on a tiered scale by volume:

For those of us that survived the enhanced Home Mortgage Disclosure Act (HMDA) data collection requirements a few years ago, this may sound familiar. The requirements on ethnicity and race with the expanded categories and sub-categories are the same.

However, one key difference is the lender collecting the data does not need to fill in ethnicity, race, or sex based on observation. In addition, most financial institutions already identify minority-owned businesses and women-owned businesses to satisfy Community Reinvestment requirements. Incorporating these two statuses as well as including LGBTQI+ will, however, raise the bar in truly understanding equal access to lending in the small business arena.

Large organizations that leverage well-known loan application platforms are most likely in the best position to implement this new rule if their loan application providers have been following the proposed rule.

Albeit, legacy platform providers are not so nimble, they do tend to have an eye on regulatory changes that affect their industry. In addition, with the advent of cloud computing and various artificial intelligence tools, changes to data collection requirements are becoming more and more seamless.

Changes to systems and platforms, although difficult, should not be where the challenge lies for compliance if your team has been following the final rule and guiding your business on the journey. Many small and regional financial institutions classify loans of more than $1 million as commercial.

Commercial lenders and commercial loan platforms are not necessarily accustomed to being subjected to this level of granularity in implementing a regulatory requirement. Beneficial ownership was, arguably, the biggest regulatory change at the loan level that I can recall affecting that space in the last 10 years. I am sure there are still a few commercial businesses still grappling with how to get this implemented to meet the data collection deadlines.

However, the smart compliance team needs to move beyond planning for the collection and submission. Compliance teams need to start thinking about modelling this data to understand possible fair lending effects because that is what the CFPB is working on. In most of the larger organizations, small business fair lending analysis is not new. But it is based on very limited data sets.

Now with the introduction of additional, more telling data elements, it will be imperative to develop the appropriate models that incorporate the data and understand what it means for your organization. Given the rollout schedule and the tier your organization falls into, it may be a while before you have competitor data available from the CFPB.

The smart compliance team will, however, prepare their analysis to compare their lending markets to each other and even begin to compare themselves to the first available data set in your market — even if not similar size lenders.

The understanding of the disparate impact and disparate treatment within and across these categories will create an interesting modelling challenge. Unlike consumer lending that for better or worse allows for identifying consumers with the same or similar credit characteristics, small business lending criteria is not as standardized.

In conducting small business credit decisions an assortment of items is reviewed to include business type, revenue streams, markets, operations, etc. Yes, there are the big three (Dun & Bradstreet, Experian and Equifax) credit agencies that can be leveraged for a credit score.

However, micro-businesses are often put through more subjective criteria, due to a lack of well-established credit, which can make it difficult to identify if decisions are made based on creditworthiness or in fact, some form of discrimination is occurring.

A good front-runner to fair lending analysis for your compliance team is to better understand the lending models that are used to approve or deny small business applications — especially if your organization is leveraging external vendors or AI technology.

Based on my experience most fair lending teams within compliance have a rudimentary understanding of the lending analytics in use to make credit decisions. The more advanced these models become the more compliance teams struggle in being able to understand if their organization is compliant.

By understanding the inputs and algorithms, compliance is better positioned to proactively mitigate biases in the lending process by having a voice in the design. It will also make it easier to create fair lending models within the back end.

For those organizations below the 100 loan originations threshold remember it is a low threshold, particularly if your organization intends to be in business for the long haul. Even if you are half of that number today, I would encourage you to:

  1. deep dive into your lending decisions criteria,
  2. start collecting the necessary data before you need it, and
  3. develop fair lending analysis.

 The best way any organization will manage compliance in the evolving small business ECOA landscape is to become hyper-proactive.

Contact CUBE so we can help you proactively manage every single regulatory change.