
Navigating Section 1071: What You Need to Know

Explore key insights into the Dodd-Frank Act Section 1071 and how to stay compliant while gaining a competitive edge.


On March 30, 2023, the Consumer Financial Protection Bureau (CFPB) updated Section 1071 of the Dodd-Frank Act.

This change requires financial institutions to collect and report detailed data on credit applications from small businesses — particularly those owned by women and minorities. The goal? To promote fairness and transparency in lending while ensuring equal access to credit. 

But this rule has sparked controversy. Critics point to the privacy concerns and the substantial administrative burden it places on financial institutions. Section 1071 demands that financial institutions not only collect and manage detailed demographic data but also securely store it. On top of that, they must comply with strict record-keeping rules and potential audits. 

These tasks require significant resources, including updated technology systems, employee training, and nuanced data protection measures. As institutions work to meet these new standards, they face the difficult task of balancing transparency with the need to protect sensitive information. 

This guide will walk you through why Section 1071 is important, who it affects, and how your organization can stay compliant.

Why Is Section 1071 Important?

Section 1071 is crucial because it champions fair lending practices for small businesses — key players in the U.S. economy. They employ nearly half of the American workforce and contribute 43.5% of the nation’s GDP. Ensuring small businesses have equal access to credit is, therefore, necessary for balanced economic growth and innovation. 

Section 1071 aims to promote transparency in lending by mandating data collection on credit applications, which helps identify discriminatory practices. However, this requirement brings challenges. Financial institutions must overhaul their data systems to meet compliance requirements, sparking concerns about privacy and security.

Most small businesses don’t have the technological capacity to collect this kind of data without incurring serious, unmitigated information security risks. Compliance demands advanced cybersecurity measures, such as:

  • Encrypted storage
  • Secure access protocols
  • Regular security audits

Yet, many small businesses lack the infrastructure and expertise to implement these safeguards, making them vulnerable to data breaches. With 61% of data breaches targeting small businesses, these capability gaps pose a real threat to data privacy. 


Additionally, compliance deadlines vary based on the size of the institution, meaning each must accurately assess its transaction volumes and update systems accordingly. Beyond system upgrades, significant staff training is essential to manage new data collection protocols and ensure adherence to regulations.

Who Does Section 1071 Affect?

Section 1071 aims to protect small businesses from discriminatory lending by giving regulators the data they need to monitor lending patterns. This means the rule affects two main groups: financial institutions and small businesses. 

Financial Institutions

Banks, credit unions, and other lenders must now comply with the new data collection and reporting requirements outlined in Section 1071. They must collect and report data about small business owners when these businesses apply for credit. The requirement applies to institutions of all sizes, with specific compliance deadlines depending on their transaction volumes.

Small Businesses

Businesses with gross annual revenues of $5 million or less are directly impacted by Section 1071. When applying for credit, they must provide detailed information, including: 

  • Gross annual revenue 
  • Owner’s demographic information, including race, ethnicity, and gender
  • Business size and type, such as the number of employees and whether it is a sole proprietorship, partnership, or corporation
  • Purpose of the credit application, such as working capital, equipment purchase, or expansion
  • Location of the business, including the state and zip code


When Does Section 1071 Go into Effect and Who Needs to Comply?

Section 1071 took effect 90 days after its publication, on June 28, 2023. However, compliance deadlines vary based on the number of covered originations a financial institution has. The term "covered originations" includes any extension, renewal, or amendment of a credit transaction made to a small business.

Here’s how the reporting deadline tiers break down:

  • October 1, 2024: Institutions with more than 2,500 covered originations in 2022 and 2023.
  • April 1, 2025: Institutions with 500 to 2,500 covered originations in 2022 and 2023, and at least 100 covered originations in 2024.
  • January 1, 2026: Institutions with over 100 covered originations in 2024 and 2025.

It’s important to note that nonprofit organizations and governmental entities are not considered small businesses under this rule.

What Data Needs to Be Collected and Reported?

Under Section 1071, financial institutions must collect and report specific data points for small business credit applications. These include:

  • Demographic information of the principal owners, including race, ethnicity, and sex
  • Whether the business is minority-owned, women-owned, and LGBTQI+-owned 
  • The type and purpose of the credit being applied for, such as working capital, equipment purchase, or business expansion
  • The amount of credit applied for and the amount approved or originated
  • The action taken on the application and, if applicable, reasons for denial
  • The census tract of the applicant's principal place of business
  • The applicant’s gross annual revenue

FileInvite: Your Partner in Section 1071 Compliance

If you’re a small business owner or work in financial services, the sheer amount of work these changes bring — along with the compliance risks — may seem overwhelming. But FileInvite’s secure document collection and storage platform can help your organization get ready and boost your confidence in your compliance strategy. 

Document Collection

FileInvite’s document collection software streamlines the process of gathering required data by automating document requests and management. For financial institutions complying with Section 1071, this tool is particularly valuable. It simplifies the collection of key information, such as:

  • Demographic data
  • Business status
  • Application date
  • Loan terms
  • Applicant’s principal place of business

FileInvite also enables institutions to create customizable document request templates tailored to the specific data requirements of Section 1071, making the collection process even easier.

Automated reminders and follow-ups cut down on manual workload and reduce the risk of missing deadlines or overlooking essential documents. By centralizing all document requests and responses on a secure platform, FileInvite lowers the risk of unauthorized access or data breaches. Additionally, FileInvite integrates seamlessly with other software tools and systems, allowing for smooth data transfer with minimal manual errors.

This level of automation gives even small businesses with limited IT capabilities and budgets the tools to manage large volumes of data efficiently while meeting the strict reporting requirements of Section 1071. As a result, organizations can focus more on their intended operations, rather than being bogged down by administrative tasks tied to data collection and compliance.

Secure Data Management

FileInvite’s secure platform helps financial institutions and small businesses maintain compliance with firewall requirements by protecting sensitive data throughout the document collection and management process. Under Section 1071, institutions must safeguard demographic and financial personally identifiable information (PII) against unauthorized access, especially by those involved in credit decision-making. 

FileInvite’s platform meets these needs with robust security features:

  • End-to-End Encryption: Guarantees data is encrypted during transmission and storage, preventing unauthorized access or data breaches.
  • Role-Based Access Controls: Limits access to sensitive information based on user roles, so only authorized personnel can view or handle specific data.
  • Audit Logs and Activity Tracking: Monitors and records all user activity within the platform, providing a detailed trail that can be reviewed for compliance and security purposes.

Without these tools, small businesses often collect the required data for Section 1071 compliance manually — typically using email or paper forms to gather sensitive information from applicants. This approach carries multiple risks and can violate data privacy regulations like the Gramm-Leach-Bliley Act (GLBA), Federal Information Security Management Act (FISMA), and Health Insurance Portability and Accountability Act (HIPAA). 

For instance, many popular email platforms for business like Gmail and Outlook use only transport layer security (TLS), which encrypts data during transmission but not in storage. To meet compliance standards, users of the platforms must enable S/MIME encryption to ensure emails containing PII:

  • Are encrypted at rest
  • Require unique decryption keys, separate from email login credentials
  • Meet payment card industry (PCI) requirements

 


 

In contrast, using FileInvite allows small businesses to securely collect and manage the required data. The platform automates document requests and tracks submissions, ensuring all necessary information is gathered efficiently and on time. FileInvite’s end-to-end encryption protects sensitive data during transmission and storage, while role-based access controls ensure only authorized personnel can access specific data points, reducing the risk of internal breaches. 

Additionally, audit logs and activity tracking provide a comprehensive record of data handling activities, helping institutions demonstrate compliance with Section 1071. This secure, organized approach minimizes risks and ensures all regulatory requirements are met effectively.

Customizable Workflows

FileInvite’s customizable workflows empower financial institutions and small businesses to tailor data collection and reporting processes to meet specific needs, including the requirements of Section 1071. The platform allows users to create unique document request templates and set up automated reminders, streamlining the collection of required data points like demographic information, business status, and financial details. 

By automating these tasks, FileInvite reduces manual errors and ensures that all necessary information is collected efficiently and securely. This flexibility in workflow customization enables seamless integration with existing systems and helps institutions adapt quickly to regulatory changes.

Prepare for Section 1071 with FileInvite

Section 1071 brings new challenges, but financial institutions can navigate these requirements effectively with the right tools and preparation. FileInvite offers customizable workflows and secure data management, ensuring seamless compliance and efficient data collection. With FileInvite, both financial institutions and small businesses can confidently meet regulatory standards without overburdening their staff or exceeding their budgets.

To learn more about staying compliant and protecting customer PII, request a demo of FileInvite today.
