Understanding the 1071 Proposed Rule: A Guide for Small Business Lenders

4/28/2026 views1

If you're involved in small business lending, you've likely heard the term "1071 proposed rule" buzzing around. It's not just regulatory noise. This rule from the Consumer Financial Protection Bureau (CFPB) is poised to change how lenders collect, report, and think about small business loan data. For over a decade, since the Dodd-Frank Act was passed, Section 1071 has been on the books but not implemented. Now, it's moving from concept to concrete requirement, and the adjustment period won't be trivial.

I've spent years on both sides of this fence—first in commercial banking and later consulting for community banks on compliance. The most common mistake I see? Lenders viewing 1071 as just another HMDA-like reporting chore. It's more than that. It's a fundamental shift toward transparency that will expose lending patterns we've only guessed at. This guide cuts through the legal jargon to explain what the 1071 rule actually requires, who it affects, and the practical steps you should be taking today.

What You'll Find Inside

What is the 1071 Proposed Rule Really About?

At its core, the 1071 rule mandates that financial institutions collect and report data about their small business credit applications. The stated goal is to identify potential discrimination and facilitate enforcement of fair lending laws. Think of it as HMDA (Home Mortgage Disclosure Act) for small business loans.

The CFPB's final rule was issued in March 2023, but compliance is staggered. The trigger is the number of "covered credit transactions" for small businesses. Here's the kicker many miss: "covered credit" includes not just term loans and lines of credit, but also credit cards, merchant cash advances, and even certain types of factoring. If your product is used for business purposes, it's likely in scope.

Why now? There's been a persistent lack of public data on small business lending. Researchers and advocates have argued this gap makes it impossible to see if women-owned, minority-owned, or LGBTQ+-owned businesses face systemic barriers. The 1071 data aims to fill that void. The CFPB will publish the aggregated data, and honestly, some of the findings might be uncomfortable for the industry.

Key Data Points Lenders Must Collect

The rule requires over 20 data points for each application. It's not just about the loan outcome. You'll need to delve into the applicant's demographics and the action you took. This is where loan officers will need new scripts and processes.

The data falls into a few buckets:

  • Application Details: Date, type of credit, amount applied for, and the action taken (approved, denied, withdrawn).
  • Pricing Data: The interest rate, total fees, and whether the rate is fixed or variable. For denied applications, you'd report the rate you would have offered.
  • Demographic Data: This is the most sensitive part. You must ask for the principal owner's ethnicity, race, and sex. You also must ask if the business is a "minority-owned business," "women-owned business," etc. Crucially, this information must be collected via a self-identification form from the applicant—you cannot visual guess or use proxies.
  • Geographic Data: The census tract where the business is located.

Here’s a breakdown of the critical demographic collection requirements that will require new forms and procedures:

Data Point Category Specific Information Required Biggest Challenge for Lenders
Business Owner Demographics Ethnicity (Hispanic/Latino or Not), Race, Sex Getting applicants to voluntarily disclose this sensitive information without damaging the customer relationship.
Business Classification Minority-owned, Women-owned, LGBTQI+-owned status Explaining the purpose clearly to avoid seeming intrusive or accusatory.
Application & Pricing Loan type, amount, action taken, interest rate, fees Systematically capturing the "would-have-been" pricing for denied applications.
Reporting Logistics Census tract, application date, NAICS code Integrating new data fields into existing loan origination systems (LOS) and core platforms.

The technical guide from the Federal Reserve is a good resource for understanding the broader regulatory context, even though the CFPB is the primary enforcer.

How the Rule Impacts Different Sized Lenders

The impact isn't one-size-fits-all. The rule tiers compliance deadlines based on your lending volume. This was a concession to smaller community banks and credit unions, but don't let the later deadline lull you into inaction.

Major Banks and High-Volume Non-Bank Lenders

If you originated at least 2,500 covered small business loans in both 2022 and 2023, you're in the first tier. Your compliance deadline is October 1, 2024. For these institutions, the challenge is scale. They need to retrofit massive, often legacy, loan origination systems. The data collection forms need to be integrated into digital and in-person processes nationwide. The cost is significant, but the budget exists. Their bigger risk is reputational—being first to report means being first in the spotlight when the CFPB publishes the data.

Midsize Lenders (500-2,499 loans)

Your deadline is April 1, 2025. You have more time, but often fewer technical resources. This group includes many regional banks and larger credit unions. The smart ones are using this time to evaluate vendor solutions. Can your core provider handle this? Do you need a bolt-on software? This is also the time to train loan officers. Asking for demographic data is a new skill that needs to be framed positively to avoid alienating customers.

Small Community Banks and Credit Unions (100-499 loans)

Your deadline is January 1, 2026. You might think you have forever. You don't. The compliance burden per loan is arguably heavier for you. You lack a dedicated compliance army. My advice? Start a pilot program in late 2024. Pick a loan product and manually collect the data for a few applications. You'll uncover practical issues—awkward conversations, forms getting lost, how to store the data securely—that you can solve before the rule hits.

A Non-Consensus Viewpoint: Many small lenders hope for an exemption or further delay. I wouldn't bet on it. The legal mandate is clear, and the CFPB is prioritizing this. Using your size as an excuse for inaction is the fastest way to a painful 2025 scramble and potential penalties.

A Step-by-Step Compliance Roadmap

Don't wait for the deadline. Here’s a phased approach based on what I’ve seen work for institutions that aren't panicking.

Phase 1: Assessment & Gap Analysis (Months 1-3)

  • Calculate your exact volume of "covered credit transactions" for the past two years. Don't guess. Pull the data.
  • Map your current application process. Where does data enter? What does your LOS currently capture?
  • Identify the gap between your current state and the 20+ required data points.

Phase 2: Technology & Vendor Selection (Months 4-7)

This is critical. Talk to your core processor (like Fiserv, Jack Henry, or FIS) about their 1071 solution. Get specifics, timelines, and costs. If they can't meet your needs, research specialized compliance software vendors. Factor in not just purchase price, but integration effort and ongoing support.

Phase 3: Process & Policy Design (Months 8-10)

  • Draft the self-identification form for demographic data. The CFPB provides a model form, but you may need to adapt it.
  • Write a script for loan officers. It should explain why you're asking these questions (e.g., "Federal law requires us to collect this data to help ensure fair lending practices...").
  • Designate who will be responsible for submitting the annual data to the CFPB.

Phase 4: Training & Pilot Testing (Months 11-12)

Train everyone who touches an application—loan officers, tellers, digital platform managers. Then, run a live pilot. Process 10-20 real applications using the new forms and procedures. The goal is to find the friction points before the rule goes live. You'll be shocked at what you learn.

Phase 5: Full Implementation & Reporting

Flip the switch. Begin mandatory collection on your compliance date. Monitor the process closely for the first quarter. Then, focus on the annual data compilation and submission. The Small Business Administration (SBA) website, while not the enforcer, has resources that can help you understand the small business perspective, which is useful for crafting your customer communications.

Frequently Asked Questions (Answered by a Compliance Veteran)

My bank only makes a few small business loans a year. Do we really need to comply?
The rule has a threshold. You only need to comply if you originated at least 100 "covered credit transactions" in each of the two preceding calendar years. So, if you did 90 one year and 110 the next, you're still under the threshold. But track this number religiously. If you hit 100 two years in a row, the clock starts ticking. Many tiny banks will be exempt, but don't assume—calculate.
What happens if a business owner refuses to provide the demographic information?
You are required to ask, but the applicant is not required to answer. This is a key point. You must note that you requested the information, and the applicant chose not to provide it. You then report the application with the data you have, leaving those fields blank. You cannot deny a loan because an applicant declines to self-identify. Your loan officers need to be trained to handle this refusal gracefully without pressure.
We use a lot of third-party loan brokers. Are we responsible for their data collection?
Yes, and this is a major pitfall. If you are the creditor—the entity ultimately extending the credit—the compliance obligation rests with you. You must have procedures to ensure that brokers, online platforms, or other third-party arrangers are collecting the required 1071 data and passing it to you in a usable format. Your agreements with these partners need to be updated to mandate this. You can't outsource the legal responsibility.
How will this data actually be used? Are we just creating paperwork for regulators?
It's far more than paperwork. First, the CFPB will use it for enforcement. Patterns of disparities in denial rates or pricing could trigger fair lending exams. Second, and more importantly, the data will be public. Community groups, journalists, and competitors will analyze it. A pattern showing low lending in certain census tracts or to certain demographics could damage your reputation. Conversely, strong data could become a marketing tool for community-minded banks. Think of it as public accountability, for better or worse.
What's the single biggest mistake lenders are making in their preparation?
Treating it as solely an IT or compliance department problem. The demographic data collection is a frontline, customer-facing issue. If you don't bring your lending team into the planning process early, you'll design a system that works on paper but fails in the real conversation with a nervous small business owner. The loan officer's ability to explain this confidently and empathetically is the linchpin of successful compliance.

The 1071 proposed rule is now a final rule with deadlines. It represents a significant operational shift. The lenders who start now, who engage their teams, and who see it as more than a reporting exercise will not only avoid penalties but might also gain valuable insights into their own lending portfolios and community impact. The data is coming. The question is whether you'll be ready for what it reveals.

Related Articles

American Bloodbath Sweeps Globe! India on Brink

American Bloodbath Sweeps Globe! India on Brink

Here is the translation of the provided text into English: Trouble seems to be brewing again as the U.S. is sweeping across the globe, and India is on the verge of collapse.Currently, Wall Street con...
Sep-03, 2024
Americans Seek to Regain Oil Control

Americans Seek to Regain Oil Control

The U.S. is attempting to regain control over global oil, aiming to ascend to the peak of dominance once again, and subsequently initiate a resource war.Will the U.S.'s aspirations truly come to fruit...
Aug-30, 2024