ELFA - Equipment Leasing and Finance Association - Equipping Business for Success
Equipment Leasing & Finance

Countdown to Compliance

How experts are helping equipment finance firms tackle Section 1071

It’s still being challenged in court. Compliance deadlines have been pushed back. And who knows what will happen after the election?

But our experts agree: Simply wishing for Section 1071’s new data requirements to go away is not a practical strategy, especially since the first compliance deadline is less than a year away.

Moorari Shah, partner at law firm Sheppard Mullin Richter & Hampton LLC, explains the rule’s intent: “Section 1071 aims to uncover possible discriminatory practices in small business lending.”

The equipment finance industry’s core obligation under Section 1071’s requirements is to gather both demographic information and transaction details and then report them to the Consumer Financial Protection Bureau (CFPB). The agency will then analyze this data to identify potential bias. (For links to detailed Section 1071 information, check out the sidebar below.)

But the devil is in the details.

Equipment finance companies now collect almost no demographical information about applicants.  “Section 1071 will require businesses to collect more than 80 different data points, so the increased workload is significant,” says Andy Fishburn, ELFA Vice President, Federal Government Relations.

Complying with Section 1071 requires you to be proactive, say our experts. Consult with your service providers – especially legal advisors and software vendors – to map out your compliance path.

Uncertainties

By the time this article is released, the U.S. election will have taken place. Depending on the results, it’s possible the rules might be paused and/or reevaluated. In addition, future court decisions could lead to rule changes, or the elimination of the rule in its current form.

But given the complexity and potential impact of Section 1071, equipment finance companies should develop their implementation strategies now, regardless of potential changes to the rule.

“The train has left the station,” says Jeffrey Bilbrey, CEO, Leasepath.  “Something about this ruling is going to be implemented, even if it gets slowed down or modified. Companies would be well suited to get their processes ready.”

“Larger institutions know that it takes time to implement changes such as this, so they’ve already started,” Shah says.

“The big questions we get from clients are who’s affected, what’s required, and how much is it going to cost,” says Benjamin Court, partner with law firm Stinson LLP.

 

Prepare to collect the data

“Make sure your business processes and systems can handle Section 1071 requirements and consult with your legal counsel,” advises Fishburn.

Reviewing CFPB’s Small Entity Compliance Guide is a good initial step, Shah says. (For more resources, see the sidebar below.)

“It’s well worth your time,” Shah adds. “It takes you from implementation to operation to ultimately reporting the data. It will help you determine what you can do on your own and where you might need third-party assistance.”

Another initial step is identifying how many of your customers fall under CFPB’s small business definition, which generally includes companies with $5 million or less in gross annual revenue, Shah says.

A key challenge is the Section 1071 requirement to separate certain collected data from the underwriting process to prevent it from influencing approval decisions.

“Implementing Section 1071 requirements realistically requires technology solutions, especially for data segregation and containment,“ Bilbrey says.

Since many funders already use a third-party system for their originations processes, compliance may require more than just a bolt-on solution. “Every company is unique,” Bilbrey says, “so collaboration with vendors is crucial to ensure systems meet specific needs.”

Also know that staff compliance training will be essential. “Your employees must not be perceived as discouraging customers from supplying the information,” Fishburn says. Different roles may require specialized training approaches, from data management protocols to client communication strategies.

The reality of compliance tiers

Larger volume lenders ­– defined under the rule as having at least 2,500 or more covered small business loan originations per year – will likely have mapped out their compliance strategy, given that their first compliance deadline is July 2025.  (See “Section 1071 Tiers and Deadlines” sidebar.)

Bilbrey cautions that the tiered timeline shouldn’t lead to complacency among moderate and smaller volume lenders, however. He also notes potential impacts on large and smaller lender relationships. “Larger funders may be hesitant to take deals from smaller funders due to additional Section 1071 responsibilities and risks,” he says.

He adds: “Don’t be misled by the tiered timeline. When it’s day one for somebody, it’s realistically day one for the industry.”

 

Collecting the data

Tara Aasand, Vice President, Sales and Relationship Management, LTi Technology Solutions, emphasizes that compliance isn’t solely a software issue: “No software will ever cover 100% of the compliance requirements. There’s always going to be a people-and-process component that the equipment finance company needs to take into account.”

As companies grapple with understanding the regulation, Aasand notes that many ask about their peers’ compliance strategies.

But there probably won’t be a one-size-fits all solution.

“It impacts each equipment finance company differently depending on the requirements,” Aasand says. For instance, a bank’s equipment finance division might be required to collect the data while relying on the corporate level to handle CFPB reporting.

One aspect may be near universal, however. “Most funders want this data in a separate system, away from their core admin or origination systems to avoid accidentally breaching the firewall,” Bilbrey says. “We recommend collecting the data as part of originations but in a different system to facilitate tracking and auditing.”

Data hoops

Section 1071’s data firewall requirement poses challenges for smaller equipment finance companies, Aasand says. “A salesperson may be collecting the information but also have pricing sheets to work through the pricing,” she says. This makes it difficult to keep the collected data separate from the underwriting process.

Lenders face potential additional challenges when applications come through third-party originators such as brokers or dealers.  “For instance, when working through a dealer, there’s usually little interaction between the finance company and the ultimate end user,” Court says. “Many deals are done in an hour or less.”

When multiple entities gather the data, situations could arise where the accuracy of one firm’s data is called into question. While some finance companies expect third parties to collect the additional data during the application process, others may prefer internal control, especially since the CFPB holds funders fully responsible for reported data, Bilbrey notes.

There should be consistent data collection across different entities involved in the origination process, Shah says: “You need to figure out how the handoffs are going to work and how to collect this data in a meaningful way from various sources.”

There are other potential snags on the applicant side. Often, the individual seeking financing may not know the diversity profile of their company’s leadership. For example, a machine shop manager ordering a new drill press might be unaware of the protected class status of the company’s ownership.

Another complication: Equipment finance companies must indicate to applicants that the additional demographic data is valuable, and yet still emphasize this information is voluntary.

“You cannot make it intentionally difficult to collect this data, nor can you imply to your applicants that it’s not important,” Bilbrey says.

Reporting the data

Fishburn emphasizes the need for companies to establish systems for data storage and annual reporting to the CFPB.

Equipment finance companies also should be able to internally analyze this data to identify potential issues, such as possible discrimination based on zip code data, Fishburn adds.

“Analyze your data when it comes in,” Fishburn advises. “How many applications are you collecting, where are customers declining to provide the information, and how does that rate of decline compare to your industry counterparts?”  He suggests industry benchmarking could be coordinated through association efforts.

“It behooves you to start figuring out where you are before you start reporting the data,” Shah advises. “You can identify early whether you have issues and then start remediating. Ultimately that’s what regulators are going to expect you to do.”

Being responsible for the data

In addition to collecting and reporting this data, Section 1071 requires finance companies to store it for three years.

Stinson’s Court emphasizes the security challenges posed by this requirement: “Firms must store sensitive personal and demographic information they wouldn’t normally keep. Protecting this rich data from breaches will require additional IT infrastructure and expense.”

Another consideration: “In a few years, these databases will become public, which is something that people don’t have a full handle on yet,” Fishburn says.

He cautions that once the data is public, governmental and non-governmental entities will analyze it, potentially leading to misinterpretation or misleading conclusions. “The compliance problems down the road are much scarier than the ones that face us today,” Fishburn notes.

“No one knows what the CFPB is actually going to do with the data,” Bilbrey says, “or what they’ll do when they find whatever it is they’re looking for, so it’s a bit scary.”

Where to now?

As equipment finance companies navigate the complexities of Section 1071 compliance, service providers are actively preparing to assist them. Stinson, for example, has created an internal Section 1071 working group, designed to educate clients on the intricacies of the regulation.

“This has been on the horizon for so long that some pushed it to the side,” Court says. “But now it’s here.”

Looking toward compliance, our experts offer the following advice:

  • Fishburn: “Prepare yourself, but with a grain of flexibility, just in case things change down the road.”
  • Bilbrey: “Have the conversation. Tell your service provider what your legal counsel is telling you that you should do. Start there.”
  • Shah: “It’s not a static implementation process. Things are going to change and evolve, and you need to be flexible. The companies that can adjust thoughtfully and deliberately are going to be at an advantage.”
  • Aasand: “Engage, participate and communicate with your service providers.  The more involved and collaborative you are with your service provider, the better solution they will provide to their customer base.”

Section 1071 Compliance Tiers and Deadlines

The timeline for compliance depends on an institution’s annual covered originations involving businesses with less than $5 million gross annual revenue:

  • Tier 1 (2,500+ covered originations): Data collection begins July 18, 2025; initial filing due June 1, 2026
  • Tier 2 (500-2,499 covered originations): Data collection begins January 16, 2026; initial filing due June 1, 2027
  • Tier 3 (100-499 covered originations): Data collection begins October 18, 2026; initial filing due June 1, 2027

Check out these Section 1071 Resources

ELFA has a section on its site devoted to Section 1071. There you’ll find a variety of news stories, court case updates, and compliance resources.

The Consumer Financial Protection Bureau has several links, including the final Section 1071 rule, its Small Entity Compliance Guide, and Filing Instructions Guide.

Tamarack’s CloudComply™ solution provides third-party data collection, secure storage and firewalling – guaranteeing lenders maintain the ability to make credit decisions independent of the gathered demographic data. It can grow with an organization’s needs and ensures regulatory compliance and data management. CloudComply runs on Tamarack’s secure network and integration with an organization’s existing system is accomplished through modern APIs. Benefits realized include:

  1. Effortlessly request applicant demographic data via email & SMS
  2. Easily modify/cancel requests and receive status updates
  3. OnDemand reporting of demographic data
  4. Optional services:
    • Collect CFPB-required financial fields
    • Annual Filing to CFPB
    • Self-Assessment

 

ABOUT THE AUTHOR

Categorized With:

  • SECTION 1071