Compliance, cybersecurity

Are you prepared for Section 1071 of the Dodd-Frank Act?

March 27
Many of you have spent hours preparing for over the last several months for the same thing – Section 1071 of the Dodd-Frank Act. This change goes into effect the end of this month on March 31, 2023, are you ready? In this blog I will give a general overview of the upcoming changes and what they will entail, as well as providing guidance on your next steps and how we at Vala Secure can help.
What is Section 1071?
This is an amendment of the Equal Credit Opportunity Act to help facilitate the enforcement of fair lending laws and to
enable the identification of business and community development needs and opportunities for women-owned, minority owned, and small businesses in particular.
What does this mean for you as financial institutions?
More data collection, of course! You will need to be aware of which of your customers are considered small businesses. Under the new rules, this will include a business who had $5 million or less in gross annual revenue for the company’s preceding fiscal year. Additionally, your hard work on the Beneficial Ownership side will come in handy here as it will help you to
identify whether your business customer is a women-owned or minority- owned small business. Once you’ve identified whether the small business meets the requirements, you will need to collect and report certain data points in a Small Business Lending Application Register. This Register must be reported to the CFPB by June 1st of the year following the calendar-year’s worth of data collection. The collection and reporting process appears to be similar to the HMDA process and likewise with HMDA, the financial institution will be required to make a statement, on its website or otherwise upon request, that the covered financial institution’s Small Business Lending Application Register is or will be available on the Bureau’s website.
What data is to be reported?
You will need to report:
-A unique identifier for each covered application or covered credit transaction
-Application date
-Application method
-Application recipient
-Action taken by the financial institution
-Action taken date
-Credit type
-Credit purpose
-Amount applied for
-Census tract for address of business
-Gross annual revenue for applicant’s preceding fiscal year
-6-digit NAICS code appropriate for the applicant
-Number of the applicant’s non-owner workers
-Applicant’s time in business
-Number of applicant’s principal owners
-Race of principal owners
-Sex of principal owners
-Ethnicity of principal owners
For denied applications only, there will be a data point for denial reasons as well. For applications originated or approved, but not accepted, there will also be data points for the amount originated or approved and for pricing information.
A financial information is required to collect and report the race, sex, and ethnicity of the principal owners of the business. However, if an applicant does not provide any ethnicity, race, or sex information for at least one principal owner, you will need to collect at least one principal owner’s race and ethnicity (but not sex) via visual observation and/or surname if you meet
in person with any of the principal owners (this include video calls). You will also be required to give a notice to applicants informing them that the financial institution is not permitted to discriminate on the basis of an applicant’s minority-owned business status, women-owned business status, or on any principal owner’s ethnicity, race, or sex. A sample data collection form can be found in the Notice of Proposed Rule Making.
What exemptions are there?
Financial institutions that originate less than 25 “covered credit transactions” to small businesses (as defined above) in each of the two preceding calendar years are exempt from the requirements. Also, if more than one financial institution was involved in the origination of a credit transaction, only the financial institution that made the final credit decision approving the application before closing or account opening would count the transaction for purposes of meeting the origination threshold for coverage. For these purposes, covered credit transactions are defined as loans, lines of credit, credit cards, and merchant cash advances (including such credit transactions for agricultural purposes and those that are also covered by HMDA). Excluded transactions include trade credit, public utilities credit, securities credit, and incidental credit.
How can IT Voice help?
We provide annual Lending Compliance Audits where we will review your Small Business Lending Application Register and your method of tracking these requirements as part of our scope. We also provide Monitoring and Transactional Testing we can review your register on a more frequent basis. Please reach out and let us know if you think our services would be a great fit for your institution’s needs.