As discussed here, following the U.S. Supreme Court’s decision in Community Financial Services Association of America, Limited v. Consumer Financial Protection Bureau (CFPB or Bureau), which upheld the CFPB’s funding structure, the Bureau announced updated compliance dates for its Section 1071 Final Rule concerning small business data collection and reporting under the Dodd-Frank Act.

Yesterday, the CFPB issued an interim final rule that officially memorializes these updated compliance dates. This interim final rule is effective 30 days after publication in the Federal Register.

The new compliance dates are as follows:

Compliance TierOriginal Compliance DateNew Compliance Date
Tier 1 institutions (highest volume lenders)October 1, 2024July 18, 2025
Tier 2 institutions (moderate volume lenders)April 1, 2025January 16, 2026
Tier 3 institutions (smallest volume lenders)January 1, 2026October 18, 2026

In addition to extending the compliance dates, the interim final rule allows financial institutions to use their small business originations from 2022 and 2023 to determine their initial compliance date, or instead use their originations from 2023 and 2024. This provides flexibility for institutions in determining their compliance tier.

The CFPB has also updated its Grace Period Policy Statement to reflect the new compliance dates. The grace period will give institutions time to diagnose and address unintentional errors without the prospect of penalties for inadvertent compliance issues. In its press release announcing the interim rule, the CFPB also stated that it will not assess penalties for reporting errors for the first 12 months of collection. Instead, it will conduct examinations only to assist lenders in diagnosing compliance weaknesses, “so long as lenders engage in good faith compliance efforts.” The Final Rule also permits lenders to collect demographic data up to one year before their compliance date to test their procedures and systems.