CFPB Proposal: Small Business Lending Data (Section 1071)
Narrowing the scope for covered institutions and data collection points
KPMG Regulatory Insights
- Regulatory pullback: Proposed amendments would narrow the regulators’ focus to items specified in section 1071 and executive order directives.
- Regulatory tailoring: Increased origination threshold (from 100 to 1,000) is expected to reduce the number of smaller covered institutions but to continue to cover “well over 90 percent” of small business loan originations.
- Ongoing legal challenge: Legal challenges to the 2023 final rule remain ongoing and compliance with the rule has been stayed for some market participants; it is uncertain whether the proposed rule addresses the plaintiffs’ concerns.
- Regulatory uncertainty: A potential lapse in CFPB funding after December 31, 2025, may impact the agency’s operations and rulemaking activity.
November 2025
The Consumer Financial Protection Bureau (CFPB) issues a proposed rule that would amend its small business data collection rule under the Equal Credit Opportunity Act and Regulation B, which implements section 1071 of the Dodd-Frank Act. The proposed changes would narrow the scope of the 2023 final rule, as amended, (see KPMG Regulatory Alert here) in several areas, including:
- Defined Terms
- Data Collection
- Compliance Date
Comments on the proposed rule will be accepted through December 15, 2025.
1. Defined Terms
The CFPB proposes the following changes:
- “Small business”: would be amended to include businesses with annual gross revenues of $1 million or less in the previous fiscal year rather than the current $5 million threshold.
- “Covered credit transactions”: would be amended to exclude merchant cash advances (MCAs), agricultural lending, and small dollar loans (defined as transactions less than $1,000).
- “Covered financial institutions”: would be amended to:
- Exclude Farm Credit System (FCS) lenders
- Increase the origination threshold from 100 to 1,000 covered credit transactions for each of two preceding consecutive years (beginning 2026 and 2027).
2. Data Collection
The CFPB states the proposal aims to simplify data collection by focusing on data points “specifically identified in section 1071 and a limited number of other data points needed to facilitate the collection of these statutory data points.” As such, the proposed amendments would:
- Eliminate “discretionary” data points including the application method, application recipient, denial reasons, pricing information, and number of workers.
- Eliminate data points to conform with Executive Order 14168, including LGBTQI+-owned business status and the free-form text field to describe the demographic data of the principal owners.
- Seek comments on whether to revise the current requirement to collect both race and ethnicity data points or to require only aggregate data.
- Add the requirement that covered financial institutions must inform applicants of their right to refuse to answer the financial institution’s inquiries regarding business status (e.g., women-owned, minority-owned) and “ethnicity, race, and sex” of the principal owners.
3. Compliance date
The proposal would modify compliance expectations by eliminating the tiered compliance dates and requiring all covered financial institutions (as defined by the rule and based on originations in 2026 and 2027) to comply with the rule (as finalized) beginning January 1, 2028.
Dive into our thinking:
CFPB Proposal: Small Business Lending Data (Section 1071)
Narrowing the scope for covered institutions and data collection points
Download PDFExplore more
Get the latest from KPMG Regulatory Insights
KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.
Meet our team
