CFPB final rules for Reg B and Dodd-Frank section 1071 were published in the Federal Register on 4/22/26 and 5/1/26, respectively. We are clearly in a deregulatory environment, though compliance personnel should not let that lull them into a state of complacency. While it is true that, in general, the rules are becoming more lax and the compliance dates are getting pushed further into the future, it’s helpful to view the changes as a shift in legal scope and timing. The operational simplifications that result from the recent rule changes may be slim to none. The list of questions below is designed to help you ask the right questions within your organization so you can stay on top of these rule changes and build your CMS proactively.
A. Reg B — Fair Lending Governance & Decisioning
- Just because disparate impact liability is gone under Reg B, does that mean we’ve stopped monitoring for fair lending risks internally?
- When we deny a loan, are we giving consistent, standardized reasons across every channel and product line?
- If an AI or automated model declines someone, can it actually explain why in plain terms that hold up under Reg B?
- Are we still watching for discouragement across all our channels—marketing, digital, branches, brokers—even though the standards have narrowed?
- When someone makes a manual override or exception, is it documented well enough that we could defend it in an audit?
- If we had to go back and explain a credit decision from years ago—every input, every rationale, the policy in effect at the time—could we actually do it?
- In light of the Reg B changes, have we evaluated whether our Special Purpose Credit Program (SPCP) structure, documentation, targeting rationale, and monitoring processes need to change operationally or strategically?
B. Reg B — Operational Consistency & Risk Controls
- Does “application” mean the same thing whether someone walks into a branch, applies online, goes through a broker, or works with a relationship manager?
- Are our demographic data firewalls and access restrictions actually baked into the systems—or are they just in the policy manual?
- In our rush to simplify, have we cut fair lending controls that were actually protecting us—not just satisfying regulators?
C. Section 1071 — Scope, Classification & Applicability
- Do we actually know which of our products are in or out under the new, narrowed 1071 definitions that took effect in May 2026?
- Are we tracking our origination volumes closely enough to know—with confidence—whether we’re above or below the new thresholds?
- If the regulatory scope changes again, could we reassess applicability without rebuilding our entire process from scratch?
- Do we have a revised implementation plan (e.g., a swim-lane diagram, workstream map, or phased roadmap) that clearly shows how we will progress toward compliance under the new 1071 timeline?
D. Section 1071 — Data Architecture & Provenance
- Even with fewer required fields, can we still prove data provenance, lineage, and system-of-record accuracy for every reported data point?
- Have we designed our data processes so that additional fields or revised reporting requirements can be incorporated without significant rework?
- If an examiner asked us to pull up an application exactly as it looked when we submitted it, could we do that?
Visit us online if you’d like to reach out for more information.