ComplianceJune 24, 2026

From risk to recalibration: Insights on Section 1071 from industry leaders

Key Takeaways

  • Financial institutions should reassess scope, reuse prior implementation work, and start optional early data collection ahead of the 2028 deadline to test processes and systems.
  • Strong governance models, cross-functional alignment, and investment in modern data and lending infrastructure are key to successful Section 1071 implementation.
  • Even with fewer required data fields, fair lending risks remain, so institutions must maintain robust analytics, monitoring, and flexible systems for future regulatory changes.
How leading institutions are staying ahead of the compressed timeline

The CFPB’s final Section 1071 rule may have reduced reporting requirements, but it continues to raise important concerns for financial institutions on implementation efforts, technology readiness, fair lending monitoring, and regulatory uncertainty.

In a recent moderated panel discussion, Unlocking the new Section 1071 rules: Impact, risks, and action plans, Wolters Kluwer gathered industry experts to discuss how their organizations are adapting to the final rule. 

Moderated by Jason Keller, Director of Market Strategy for Compliance Analytics at Wolters Kluwer,

  • Elena Babinecz, former CFPB Section 1071 manager and current Shareholder at Baker Donelson
  • Chelsea Shenton, Senior Vice President, Compliance Director for CRA Oversight/1071Implementation at KeyBank
  • Melinda Lawrence, Senior Vice President, Head of Consumer and Small Business Compliance at First Citizens Bank
  • Vivek Saraswat, Senior Vice President, Compliance Director, Truist

Their discussion surfaced four common themes: recalibrating scope, strengthening governance, maintaining visibility into risk, and building programs designed to adapt to future change.

“Don’t wait,” said Babinecz. “This rule may very likely go into effect, so you just want to be ready.”

Strategy and recalibration: Redefining scope and priorities

The final rule presents a new challenge: determining what work should be retained, adjusted, or shelved.

Melinda Lawrence of First Citizens Bank encouraged institutions to take inventory of what has already been completed and what remains relevant under the revised requirements.

“It’s important from an institutional perspective to make sure that you’re taking stock in what you currently have, where you’re at,” Lawrence said. “Are the business units that were in scope before, are they currently in scope now?”

 

At First Citizens Bank, discussions have centered on a November 2027 target date to avoid year-end IT freezes and implementation constraints.

Institutions are encouraged not to view January 1, 2028 as an operational go-live date but instead take advantage of optional early data collection. This period can be used to validate processes, assess training effectiveness, perform QA/QC reviews, and make necessary adjustments before mandatory compliance begins.

Removed reporting fields may still provide value as well. While pricing information and denial reasons are no longer required reporting elements, these fields may may still support fair lending analysis, adverse action notice requirements, and future regulatory flexibility.

Rather than starting from scratch, institutions may focus on:

  • Determining which business units remain subject to reporting requirements
  • Revisiting previously paused implementation initiatives
  • Reassessing vendor, technology, and resource plans
  • Evaluating how changes to gross annual revenue thresholds affect scope

Execution and modernization: Building governance models that support execution

According to Chelsea Shenton of KeyBank, the conversation has shifted from implementing Section 1071 to governance.

Governance structures developed under the previous rule may need to be revisited. However, Shenton cautioned against spending too much time searching for a perfect model. “I don’t think there’s a one-size-fits-all model for governance. You have to think about your organization and your existing governance processes — your risk committees, change management processes, and regulatory processes.”

Organizations may benefit from evaluating whether existing governance structures still align with the revised scope of the rule while maintaining clear ownership and accountability. Institutions that were already considering investments in online applications, origination platforms, data governance, or infrastructure may find that regulatory implementation provides additional momentum for those initiatives.

Section 1071 implementation creates opportunities for:

  • Modernizing lending operations
  • Re-engaging governance committees and executive sponsors
  • Aligning compliance, legal, business, and technology teams
  • Revisiting governance models established under the prior rule
  • Establishing clear ownership and accountability

Analytics and risk management: Looking beyond reporting requirements

Fewer data points for collection do not mean a respite from regulatory or fair lending risk.

“This has resulted in a collective sigh of relief from many, including myself,” says Vivek Saraswat of Truist. “But this is also leading to this dangerous assumption that this somehow reduces the compliance risk.”

Underlying risks associated with underwriting exceptions, discretionary pricing, and steering have not disappeared simply because they are no longer included in required reporting. The Equal Credit Opportunity Act (ECOA) remains unchanged, and institutions may still need to understand and defend their lending practices beyond what appears in Section 1071 submissions.

At Truist, the focus has shifted from reporting requirements to portfolio risk management. The institution plans to augment collected 1071 data with proxy data and additional internal analysis to strengthen fair lending risk oversight.

Saraswat also highlighted the close relationship between CRA and Section 1071 data, noting that institutions may benefit from ensuring their data quality, governance, and analytical capabilities support both obligations.

Several areas that institutions may want to continue monitoring or maintaining include:

  • Underwriting and approval disparities
  • Fair lending analytics
  • Section 1071 and CRA data strategies
  • Robust firewall controls

Designing for durability: Building for future regulatory change

Although institutions are focused on today’s implementation requirements, panelists repeatedly emphasized the importance of preparing for tomorrow’s regulatory environment.

Rather than viewing the final rule as the finish line, industry leaders discussed the importance of building programs that can evolve alongside future regulatory, supervisory, or state-level changes.

Areas of focus may include:

  • Building scalable data architectures
  • Maintaining flexibility to add future data fields
  • Preserving implementation documentation and decision rationale

Saraswat encouraged institutions to keep future adaptability in mind as they design their programs. “Design your solution with that flexibility in mind that’ll allow you to scale up as the rule scope changes in the future.”

Successful Section 1071 programs may require more than compliance with today’s requirements. Reassessing scope, strengthening governance, maintaining visibility into fair lending risk, and building adaptable processes may help institutions navigate the 2028 implementation timeline — and whatever comes next.

This material is provided for informational purposes only and does not constitute, and is not intended to substitute for, legal, compliance, or other professional advice.

Explore related topics

Data analyticsDodd Frank
Solutions

Small Biz Wiz

Simplify Section 1071 data collection, reporting, and analysis with an integrated solution.
Learn More

Speak to a subject matter expert

Related Insights

  • Article
    Compliance
    May 27, 2026

    AI Risk and Governance Index: Where US banking is scaling, exposing, and confronting AI risk — in real time

    The AI Risk and Goverance Index captures how institutions are managing the risks that now define AI at scale: model drift, synthetic data integrity, fairness and consumer harm, vendor dependency, and incident response.
    Learn More
  • Article
    Compliance
    April 17, 2026

    Banking landscape transformation index: Where U.S. banking is winning, retreating, and re-engineering — In real time

    Insights from 220 banking leaders reveal how US institutions are re‑engineering capital, compliance, and technology strategies amid Basel III pressure, AI adoption, and rising non‑bank competition.
    Learn More
  • Article
    Compliance
    April 03, 2026

    The decline of the bank exam: How continuous data feeds can rewrite US supervision by 2028

    By 2028, continuous supervisory data feeds will displace the traditional 12–18‑month safety‑and‑soundness exam for large US banks, turning regulatory oversight into an always‑on, data‑engineering audit rather than a backward‑looking file review.
    Learn More
  • Article
    Compliance
    Finance
    February 04, 2026

    Wolters Kluwer Q1 2026 banking compliance AI trend report

    Wolters Kluwer shares insights from a survey of 148 financial institutions on AI adoption, data readiness, and regulatory challenges in banking. Download the Q1 2026 Banking Compliance AI Trend Report for analysis and recommendations.
    Learn More
Back To Top