The Online Compliance Consulting Dashboard has been enhanced!

Visit compliance.smslp.com for more information.

Featured Content

Finally, the 1071 Rule Has Arrived

On March 30^th, the CFPB’s final rule implementing section 1071 of the Dodd-Frank Act was released. 

The final rule amends Regulation B. It requires certain financial institutions to collect and report certain small business loan data. That data includes, among other things, information on minority-owned, women-owned, and LGBTQI+-owned businesses.

What are some important highlights of the rule?

At a high level, financial institutions should remain aware that one of the primary purposes of section 1071 is to facilitate the enforcement of fair lending laws. The new data collection and reporting provisions will result in the creation of the first comprehensive database of small business credit applications in the United States. 

The rule impacts “covered financial institutions” that originated at least 100 covered credit transactions for small businesses as defined in the rule in each of the two preceding calendar years. The dates by which covered institutions are required to comply are specified into four categories, with compliance being required the earliest for institutions that originate the most covered credit transactions, as follows:

• Tier 1 - A covered financial institution that originated at least 2,500 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning October 1, 2024.
• Tier 2 - A covered financial institution that is not in Tier 1 and that originated at least 500 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning April 1, 2025.
• Tier 3 - A covered financial institution that is not in Tier 1 or Tier 2 and that originated at least 100 covered credit transactions for small businesses in each of calendar years 2022 and 2023 shall comply with the requirements of this subpart beginning January 1, 2026.
• Other - A financial institution that did not originate at least 100 covered credit transactions for small businesses in each of calendar years 2022 and 2023 but subsequently originates at least 100 such transactions in two consecutive calendar years shall comply with the requirements of this subpart in accordance with §1002.105(b), but in any case no earlier than January 1, 2026.

The rule includes special transitional provisions, clarification on what applications and transactions are included in the scope, detailed information on what data is to be compiled, firewall provisions, data reporting requirements, and recordkeeping.

So what's a financial institution to do?

An important first step is to review the final rule to determine its applicability to your institution. This should be followed by establishing a project team to work through implementation, which should consider budgeting for additional staff and technological needs. 

Sheshunoff clients should also review our recent Compliance Alert – “Regulation B Small Business Lending Data Collection.” 

Going forward, institutions should remain cognizant of new resource information that is being provided to support compliance. Sheshunoff will increase content on this topic within the Online Compliance Consulting Dashboard. We anticipate the CFPB will continue to provide resources for support on their Small Business Lending webpage, such as the Sample Data Collection Form that was provided in multiple file formats on April 17, 2023.

New UDAAP-Related Guidance

Earlier this month, the CFPB issued a policy statement regarding the prohibition on abusive conduct in the consumer marketplace. As the CFPB explained:

“Policy statements provide background information about laws the CFPB administers and articulate how the CFPB will exercise its authorities, but they do not impose new legal requirements.”

As financial institutions are aware, the discussion of Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) has been on the increase in recent years and regulators have increased their scrutiny. This new related policy guidance on abusive conduct is the third policy statement issued on the topic. Institutions may find this statement, and previously issued statements, as follows:

• Abusive Conduct Policy Statement – issued by the CFPB in 2023
• Policy Statement on Unfairness – issued by the FTC in 1980
• Policy Statement on Deception – issued by the FTC in 1983

While the topic of UDAAP has been around for years, institutions should remain aware of any new guidance that helps provide clarification on how authority will be exercised.

This new guidance provides significant analysis about the two abusiveness prohibitions, i.e. an act or practice that: a) materially interferes with the ability of a consumer to understand a term or condition, and b) takes unreasonable advantage of a lack of understanding, the inability of the consumer to protect their own interests, or the reasonable reliance by the consumer on a covered person to act in the consumer’s interests. 

Sheshunoff continues to encourage clients to remain aware of developing issues and guidance related to UDAAP. At a minimum, one consideration would be to determine whether any internal UDAAP-related policy has only received an annual date change. If no other changes have been made to such a policy, it may be an indicator that the policy is not keeping pace with what the CFPB refers to as “evolving norms, economic events, and judicial interpretations.”

Attn.: BSA Officers - New FinCEN Analysis

At the end of March, FinCEN issued a financial trend analysis report for business email compromise in the real estate sector (RE-BEC). 

The analysis highlights trends and patterns identified in BSA data regarding RE-BEC activity. This information can be particularly helpful to BSA staff in understanding what current activity looks like, which can further assist in suspicious activity monitoring. 

BSA practitioners may recall that FinCEN issued an Advisory in 2016 and an Updated Advisory in 2019 focused on email compromise fraud schemes. These Advisories provide helpful information on BEC, as well as Email Account Compromise (EAC). As needed, appropriate staff should review these Advisories for information on the topic that includes, among other things, information on typologies, red flags, and operational definitions. 

Highlights from FinCEN’s 2023 analysis include:

• The most common victims of impersonation were individuals and entities involved in the title and closing processes within a real estate transaction.*
• Money mules were often involved in the movement of funds following these incidents.
• Nearly 88% of all incidents involved initial transfers of fraudulent funds to accounts at U.S. depository institutions as opposed to accounts outside the United States.

*Financial Trend Analysis, Figure 2: Impersonated Parties in RE-BEC BSA Filings,

January 2020 to December 2021

Interested persons may find FinCEN’s 2032 Financial Trend Analysis of RE-BEC here.

Poster Update: FDIC-Supervised Institutions

The FDIC recently published a technical correction of their Fair Housing Rule in the Federal Register. The correction reinserts a previous instruction regarding their Equal Housing Lending (EHL) Poster that is for the institution to insert on their EHL posters the appropriate mailing address for the National Center for Consumer and Depositor Assistance. 

FDIC-supervised institutions should review their EHL posters for this information and make updates as needed. The effective date of this correction to 12 CFR 338 is June 23, 2023.

Institutions that are unsure which mailing address to use should contact the FDIC. Interested persons may find the FDIC’s correction here.  

In Case You Missed It!

The FFIEC recently issued the 2023 edition of their HMDA “Getting It Right! Guide.  

The Guide provides resources to help institutions comply with Regulation C. This newest edition reflects a technical amendment to the 2020 HMDA rule to adjust the loan volume thresholds effective January 1, 2023, for closed-end mortgage loans. 

Sheshunoff clients can find the 2023 Guide on the Online Compliance Dashboard. Other interested persons may find it on the FFIEC’s website here.