Significant Regulatory Changes Are About to Impact Your Training & Policy Management

2023 was extremely eventful in the financial services industry, and things are not expected to slow down throughout 2024. Several major regulatory updates have been made that affect current training programs. As financial services leaders, it is crucial to stay informed and update all training programs and policies to ensure standards are met.

Both updates to Section 1071 and Section 1033 impact data collection and ownership, internal training programs and policy management.

Section 1071: Small Business Data Collection Act

Section 1071 requires credit unions and other covered financial institutions to collect and report information on small business loan applications based on certain thresholds established in the Act. A financial institution must have at least 100 covered originations in each of the two preceding calendar years to be covered. Covered financial institutions are not required to aggregate originations at the parent or holding company level, and they are not required to report the covered originations produced by an affiliate.

Covered credit transactions are extensions of credit primarily for business, commercial or agricultural purposes unless excluded under the final rule. Covered credit transactions include loans, lines of credit, credit cards, merchant cash advances and other credit products. They include the following types of lending activities:

• Reevaluations, extensions or renewal requests on an existing business credit account only when there is an increase in credit;
• All refinances, regardless of the dollar amount requested;
• Inquiries and prequalification requests;
• Reviews or evaluations initiated by the covered financial institution; and
• Solicitations and any firm credit offers.

The regulation requires that covered financial institutions not discourage applicants from responding to requests for primary owner demographic data. They must maintain procedures for collecting the data before the final loan decision and in a reasonable manner, and the request for such data must be prominently displayed. Institutions must provide adequate training to loan officers and any others involved in data collection. The law includes a safe harbor for covered financial institutions that initially collect demographic data of the applicant’s principal owners pursuant to the final rule but later determine that it should not have collected that data if the institution had a reasonable basis for believing that the applicant qualified as a small business.

Section 1033: Personal Financial Data Rights

Section 1033 requires covered entities to make transactional data and other information concerning consumer financial products or services that the consumer obtains from a covered entity available to consumers upon request. The Consumer Financial Protection Bureau’s (CFPB) goal with Section 1033 is to provide options to strengthen consumers’ access to and control over their financial data.

Open banking implements the concept that consumers should be the ultimate owners of their financial data, be free to access and share it, and have the choice to obtain products and services from whomever they choose. Covered data providers are defined as a “financial institution” under Regulation E or a “card issuer” under Regulation Z. Organizations offering digital wallets would be required to comply with the rules. Covered accounts would include any checking, savings, consumer assets or prepaid account held directly or indirectly by a financial institution and established primarily for personal, family or household purposes, as well as credit card accounts and digital wallets. Importantly, commercial or business accounts, open-end credit accounts that are not credit cards, and closed-end loan accounts are exempt from the requirements.

Six categories of information that we expect to be part of the requirements are:

• Periodic statement information regarding transactions and deposits that have been settled ; Information regarding prior transactions and deposits that have not yet been settled;
• Information about prior transactions not typically shown on periodic statements or not available with online banking systems;
• Online banking transactions that have not been processed yet;
• Account identity information; and
• Other information, such as consumer reports used to qualify a consumer for a product or service; fees, bonuses, rewards, discounts or other incentives; and information about security breaches that expose a consumer’s identity or financial information.

Comments on the regulation were due to the CFPB by Dec. 29, 2023. According to the Federal Register, 5,956 comments were submitted, including a letter from America’s Credit Unions (formerly CUNA and NAFCU). If finalized, the rule will go into effect 60 days after it is published in the Federal Register.

Regulatory updates constantly impact the financial industry and require evolving training programs and procedures to help maintain this multifaceted ecosystem. As financial services leaders who oversee the execution of services for consumers, it is important to stay informed and prioritize the education of employees so they can be confident in their work and recommendations.

Chris Boersma is a Product Manager for the Chicago-based financial services training and research nonprofit BAI.