Navigating Readiness & Expense for Section 1071 Compliance

After 14 years, Section 1071 of the Consumer Financial Protection Bureau (CFPB) moved from the back burner in bank lending under the Dodd-Frank Act. This section mandates financial institutions to report specific data points and allows the CFPB to request additional data to support fair lending laws and identify opportunities for women-owned, minority-owned and small businesses. It also includes provisions on information access, maintenance, and data reporting and publication.

The question about 1071 remains: will it come onto the front burner considering the legal challenges and injunctions that have delayed its implementation for years? Despite these obstacles, 1071 necessitates significant preparation, implementation and continuous monitoring costs for lenders to comply with the new regulations. While banks support transparency in small-business lending, they resist when compliance costs become excessive. Banking and lending executives generally strive to stay compliant, but ongoing delays have created uncertainty about the timing of compliance requirements, suggesting a shift towards prioritization.

Chief Information, Risk, Operating or Financial Officers rarely like a fire-drill when it comes to regulatory compliance, since it typically forces other key initiatives to stall in order to make room to put the fire out in time.

We believe that there are many areas to consider as a bank assesses their compliance readiness, which should be driving discussions across these executive responsibilities. This will drive the risk mitigation and visible plan for compliance readiness.  Are You Ready?

Here are what we believe to be key readiness focus areas and questions for discussion:

1. Data Management Systems & Governance
   • Do we already have sufficient data capture, storage, and management systems that will need to include the additional 1071 data for compliance? Have we assessed what that data is and how much we are and are not already collecting?
   • Does our data management handling system provide a single consistent method for collecting this across all data sources and is it consistent? Are we reliant upon any 3^rd party vendor to meet compliance?
2. Lending/Loan Origination System (LOS)
   • Will our existing LOS support the new 1071 collection & reporting of required data? If not, are we funding an enhancement to, upgrade for, or replacement of our LOS?
   • Will the existing, upgraded, or new LOS allow us to modify LOS controls to restrict access to sensitive demographic data for those involved in underwriting or decision-making?
3. Application Channels
   • Will our integrated channel solution ensure consistent data collection across all application channels (branch, call center, digital, relationship managers, etc.)?
   • What mechanisms are we leveraging to validate and update customer information, especially for newly formed entities with no prior revenue? Do we have gaps in data expected vs. collected and if so, how is that being corrected?

4. Technology Infrastructure
   • Have we assessed the current technology infrastructure’s capability to handle the intake of new data fields and comply with 1071 reporting requirements?
   • How far from completion are we with all applications & infrastructure requirements?
   • Have we confirmed that our existing data management and systems will support 1071 needs?
5. Data Repository and Quality Assurance
   • Is our small-business data collection supported by an existing technology partner that will support our need to aggregate, translate, and prepare required 1071 data for quality assurance and reporting?
   • Have our Quality Assurance (QA) leaders validated the accuracy of data in the collection, storage, and completeness of the required data and signed-off on our readiness?
   • How often is the QA reporting being reviewed with the business before the planned compliance report transmittal to the CFPB?
   • Who is involved in reviewing the QA reporting from the business operations to ensure interpretation of results is consistent with our policies, guidelines, and compliance for 1071?
6. Accessibility Control
   • Have we revised the accessibility to sensitive-demographic data and have controls ensuring restriction by those responsible for our underwriting or decisioning for a small-business borrowing or loan request?
   • Have we reviewed and know that our lending, underwriting, and decisioning training make clear our expectation of accessing only allowable information for their role in the lending processes? Are any changes needed and if so, what communications to all staff will be used to ensure awareness and expectation?
7. Customer Information
   • Is our definition of a small-business today used consistently across all businesses and vetted in the lending process for compliance to 1071?
   • Which customer information system will be the source-of-truth for determining when and if a customer qualifies as a small business?  If not, what is our compensating control process to ensure any changes are made pervasively and completely across each system?
   • Do we have adequate controls and communication with small-business account owners to ensure they don’t see their personal account funds as a leverage for business borrowing without movement of those funds to their business account?
   • Have we planned a marketing communication to our small-business customers that conveys our commitment and support for the intent of 1071?
   • Are we current and consistent in our collection of customer fiscal year revenue results and the sources used by us to validate their financial results?
8. Training and Change
   • Have we developed and completed the training programs for staff involved in the small business lending process to ensure they are aware of and comply with the new requirements?
   • Are the loans being decisioned by our staff being analyzed to help identify any anomalies or outliers for review at the local management level? What is our process for acting on these when found?
   • How are we preparing the staff and management for the change in lending steps to ensure the smoothest transition to the new processes & new tools or technologies?
   • Do we a plan and participants identified with the intent to visibly monitor the processes, data (ie. anomalies, outliers) for a specified period to ensure our compliance?
   • How have our internal compliance audit staff been trained and prepared to ensure 1071 compliance in our current monitoring processes?
   • Do we have monitoring of new staff and management to ensure that their adherence to policy and procedure to meet 1071 compliance in place for their initial 90-days of employment?
9. Reporting
   • Has our reporting been planned for self-service by Compliance or have we determined the reporting that satisfies compliance along with the internal review/verification?
   • What is the internal review process, prior to transmission to the CFPB, and have our staff been trained on the 1071 compliance and understand their role in the review process?
   • Have we ensured consistency with data reported under other regulations (CRA, HMDA, etc.)?
10. Continuous Monitoring and Compliance Audit
    • Have we validated and verified that our current continuous monitoring system to track ongoing compliance with the 1071 ruling has fully embraced our needs for the businesses?
    • Are we or will we conduct regular compliance audits to identify and address any discrepancies or issues promptly?

We can be certain that these discussion topics are in-process within many banks today as compliance is an inherent fiber of competence in business operations leadership, while walking thru this list of topics can help ensure all the bank lending parties are aligned for 1071.  A final thought, 1071 compliance will help lenders to publicly report their consistency in support of small-business lending while mitigating any brand damage that political activists leverage to push for industry change.  Compliance is a reality for our lending organizations and our most progressive ones use diversity as a stepping stone to growth as well as the new reporting will demonstrate.  Those that don’t need to get in-step or exit the industry quickly.

About the Author:

Kevin Ashworth is Delivery Executive with 25+ years of leadership experience in software development and consulting firms from start-up to enterprise scale. His passion is for helping guide clients and colleagues to the right business solutions to grow revenue, reduce costs and minimize compliance risks. Kevin’s experience in financial services spans payments, lending, retail & commercial banking and fraud risk management.