American banks have faced a barrage of regulatory changes during the course of this year. With many of the CFPB’s new rules involving data collection, bankers are feeling the strain.
At a certain point, the collection, analysis, and reporting of all this data increasingly becomes a challenge regardless of the bank’s size,” said Peter Dugas, Executive Director at Capco. “Financial institutions are just being overwhelmed with data. And then the complexity around that is causing further risk.”
One rule is causing particular contention. Section 1071 of the Dodd-Frank Act for Consumer Protection posed requirements for financial institutions to update their approach to small business lending. According to the regulation, extensive information on the small business loan applications lenders receive will have to be reported to the CFPB. The move aims to increase transparency, helping the regulators to gain insight into lending practices and pass additional rules to support equal access to credit.
“The impact of the rule will be in the comprehensive data that it produces, which can be used by lenders, borrowers, and the broader public to achieve better credit outcomes for small businesses and communities across the country,” said CFPB Director Rohit Chopra at the announcement of the rule.
The final rule was passed in March 2023, and since then, there has been a lot of retaliation. In October, following months of petitions and injunctions nationwide, the District Court of Texas issued a nationwide stay of the rule. While the rule is expected to still be implemented, the stay aims to delay it, along with the dates of financial institutions’ compliance.
Could Pose Compliance Issues
“The challenge is the compliance with the rule due to the complexity and the overall data collection,” said Dugas. “People have completely underestimated the complexity of this.”
Already, banks collect a number of data points for their compliance with banking regulations. For those with limited resources, tracking this data can be a challenge. Dugas explained that the 1071 rule could add a level of data collection that needs significant strategization.
“There are eighty-plus data points, some provided by the banks or financial institution, some provided by the small business,” he said. “So there are several challenges for institutions to be able to understand their systems, understand their lending, understand how they’re going to collect the data, how they’re going to analyze the data, what framework they’re going to collect the data within.”
The 1071 rule was the first in three major regulatory shifts put forward by the CFPB. The Community Reinvestment Act changes, and the proposed Dodd-Frank 1033 rules also place great focus on the collection and processing of data.
RELATED: CFPB Proposes Rule to Accelerate Open Banking
The challenges presented by the data-heavy rules affect banks of all sizes. With community banks serving 67% of small businesses for credit needs, they add critical insight into the financial sectors’ lending practices. However, the extra processing required could stretch small institutions’ already limited resources.
“Increasingly, regulators are expecting much more complex compliance or risk management frameworks in order for them to comply with rules,” explained Dugas. “Community banks feel, correctly so, they should not be judged at the same level of complexity and sophistication as a large global tier one bank.”
He said that for the larger banks, the challenge lies in breaking down silos traditionally integrated into their framework. “Trying to break down those silos, when you’re trying to comply with large complex rules, creates challenges internally to an institution. They have to understand disparate systems, different processes, legal entities, different operating frameworks, different business models.”
The extra data requirements have caused other stakeholders to express concerns. Aside from the banking sector’s worries about risk and compliance, small business groups have also opposed the rule, stating that it could result in limiting small business’ access to credit.
“It is a concern,” said Dugas. “But it’s more anecdotal at this point. We haven’t seen anyone announce that they’re going to be pulling out a small business lending because of section 1071.”
“The hope is that the other side of the section 1071 rule is that once these institutions have better data and have better analysis, they’ll better serve these communities and understand what products and services should be offered.”
Approaching the Compliance Requirements “Holistically”
Despite the challenges posed by the rules and the ongoing resistance, the understanding across the sector is that, eventually, banks will have to comply. The way institutions are approaching the new requirements has taken a number of forms.
“On the banking side, because it’s connected to CRA, sometimes it’s starting with compliance and risk management,” explained Dugas. “When you read the rule, it’s really led first by policies and procedures, which would imply that they need to govern the activities from a compliance risk management perspective. And that data underpins it.”
“Other institutions say it’s a data collection requirement, and data is going to lead…The smart ones are combining both and looking at this holistically..institutions are going to have to really think about the context of how they collect that data, how to communicate it, and how they understand their cultural interpretations of certain areas they’ll be collecting data from, and really understand how they can encourage those individuals to provide that data. So then could be further reported to the CFPB to better determine whether, in fact, they’re complying with the rule.”
Dugas explained that already, the engagement of banks in how to collect and process data had surfaced a number of insights that could help them tailor products. Ultimately, the new rules, while presenting challenges, have the potential to benefit both the institutions and the customers they serve.