In this Compliance Clip (video), Adam discusses how a financial institution should update their board on the new small business lending data collection and reporting requirement rule (i.e., 1071). While the regulation doesn’t require a board update per se, there are some best practices each financial institution should consider.

Video Transcript

The following is a transcript of this video.

This Compliance Clip is going to talk about updating your Board of Directors on 1071.

The question we have is do we need to update our directors as it relates to 1071? Which of course is the small business lending data collection and reporting requirement that's going to be found in subpart B of Regulation B?

The answer to this is yes, but there's no regulatory requirement. So there's not an actual rule that says you have to update your board, but this really is a best practice that you want to consider. I think it's important to update your board and senior management on 1071 at least a couple of times during the process of implementing the new 1071 rule.

First of all, you're going to want to update them initially and early on in the process. I think it's important to provide an overview of the rule, what you're doing to comply with it, and how it affects your financial institutions. Some financial institutions aren't going to be reporters, but for most of you, you are going to be subject to the 1071 final rule and it's important that you update your board and let them know what is happening in your organization. You're going to have to do things like tell them when you're planning to implement, what your implementation date here is, when you have to start collecting, when your first reporting is, and to let them know if you need additional staff, and what you're going to be doing internally to get everybody on board to be prepared for this new rule.

Now, I think it's a good idea to come up with an implementation plan, which we do have available for you if you want. You can email us at members@compliancecohort.com and we'll send you a copy of an implementation plan for 1071 or a link to get that. But we do have an implementation plan available. I think it's so important to have this implementation plan ready to go so that you can be compliant on time. And basically, what you're gonna do is figure out your compliance date and backtrack all the steps you need to do to effectively implement 1071 in your organization.

Once you have this implementation plan defined and created, I think it's a good idea to present that to your board to let them know what you're doing. And this will show your examiners that the board has oversight of this new rule that is required for your financial institution.

As time goes on, I think it's important to also provide some regular updates and this will depend on the size and complexity of your organization, For some organizations, this may just be a single update. For other organizations, you may want to do quarterly or even monthly updates to your board as to where you're at in the 1071 process. So I do think it's important to give them an update as to the implementation status and maybe an interim update on how the rules affecting you and the challenges you're seeing and maybe having some discussions but this is going to depend on your specific organization and what your board expects and wants to see and your risk profile and your size and complexity.

Now, finally, when 1071 is finally done and you've got everything ready to go, you've started the process, I think it's important to, again, update the board and let them know that this was a success. Let them know it's been complete and let them know what steps still need to be taken, such as ongoing audits and monitoring to ensure that it was effectively done.

Now, one piece in the middle of this, that I haven't talked about yet relates to the firewall. There is a firewall piece where your organization is going to have to determine whether or not certain staff who help to underwrite covered loans, which are loans to small businesses, those owned by minorities and women-owned, you're going to have to determine if those staff who underwrite such loans do, in fact, need to have access to the demographic information that now is going to have to be collected by 1071. And if those people do not need access, then you have to set up a firewall so that they don't get access. I think that's important to update your board about. But if they do need access, you also have to make a determination that they do need access and you have to justify this. And I think that's also important to update the board about. So regardless of what you do for your firewall, I think it's going to be an important step to update your board and essentially have them sign off on your determination of whether you need to implement a firewall for certain staff or if you made a determination that they do, in fact, need access to certain demographic information as required by subpart B of Regulation B for the 1071 rule.

So that is also an important update step for the board of directors.

That's all we have for this Compliance Clip.