What to Know About the Revised Section 1071 Rule

A few weeks ago, the Consumer Finance Protection Bureau (CFPB or Bureau) released a revised Section 1071 rule . Section 1071 was part of the Dodd-Frank Wall Street Reform and Consumer Protection Act , which was passed in 2010. The section itself required that financial institutions, when receiving an application for credit for women-owned, minority-owned, or small business, must 1) inquire whether the business is women-owned, minority-owned, or a small business without regard as to how the application was received and whether or not it was in response to a solicitation by the financial institution, and 2) maintain a record of responses to such inquiry.

It left to the “regulation of the Bureau” to determine the “Form and Manner of Information”. The CFPB issued a proposed rule on September 1, 2021, and a final rule on March 30, 2023. The final rule faced significant challenges. Congress voted to repeal the section, but the attempt was vetoed by then-President Biden. It faced multiple challenges in federal court – including by America’s Credit Unions – which resulted in orders to stay the compliance date for many of the plaintiffs and intervenors. Here is some of what was required by the original rule and the changes made by the new rule.

Lenders - What is a Covered Financial Institution?

The original rule defined a covered financial institution as one that made as few as 100 credit originations per year. The new rule has increased that number to 1,000 transactions per year, in each of the preceding two years. Farm Credit System (FCS) lenders are excluded from coverage. As such, credit unions must have originated 1,000 covered transactions in each of the previous two years to be covered under the rule.

Borrowers – What is a Small Business?

The original rule defined a small business as one that made $5 million in gross annual revenue. The new rule has decreased that to $1 million. As covered financial institutions only have to collect data from businesses under the threshold, this change reduces the number of small businesses whose credit requests need to be captured in the rule’s data collection. This threshold is subject to adjustment every five years.

Loans – Are All Loans Included?

The new rule now excludes certain kinds of loans from reporting requirements. Covered lenders no longer need to report:

  • Merchant Cash Advances (MCAs) – These are agreements under which a small business receives a lump-sum payment in exchange for the right to receive a percentage of the small business’s future sales or income up to a ceiling amount.
  • Agricultural Lending – This covers lending to fund the production of crops, fruits, vegetables, and livestock, or to fund the purchase or refinance of capital assets such as farmland, machinery and equipment, breeder livestock, and farm real estate improvements. The CFPB states that this type of lending is subject to data collection by other agencies.
  • Small dollar credit – This means loans of less than $1,000. Like other limits in this rule, this amount is subject to inflation adjustment.

Data – What Changes Were Made?

The final rule reduced the number of data points required to be collected, as well. The new rule eliminated several discretionary data points including (1) application method, (2) application recipient, (3) denial reasons, (4) pricing information, and (5) number of workers. It also removed collection requirements related to LGBQTIA+ ownership and streamlined questions about race and ethnicity. Institutions must now:

  • Ask whether the applicant is a minority‑owned business and/or a women‑owned business, using the detailed definitions in § 1002.102 and without collecting LGBTQI+‑owned status.
  • Collect principal owners’ sex using only “male” or “female” categories.
  • Continue to collect principal owners’ ethnicity and race using aggregate categories, with the ability to report multiple race categories for an individual.

Also….

The new rule also removed "anti-discouragement" requirements, which had treated low demographic data response rates as evidence of discouragement and imposed extensive monitoring and remediation obligations. Instead, institutions must maintain procedures reasonably designed to obtain responses and ask when the initial request is made (ideally before final action), whether the request is prominently presented, whether it is easy for applicants to respond, and how data can be reused across applications. 

The new compliance date is January 1, 2028. Entities must begin collecting twelve months of data at that point for submission on June 1, 2029.

Please send comments or questions to [email protected]