The CFPB recently issued compliance guidance for its final rule implementing Section 1071 of the Dodd-Frank Act. Pursuant to Section 1071, the final rule (published in late March) will require financial institutions to collect and submit to the Bureau data on small business lending, defined as an entity with less than $5 million in gross revenue in the most recent fiscal year ( covered by InfoBites here ). The guidance: (i) includes a detailed summary of the final rule’s requirements, including data reporting deadlines; (ii) provides comprehensive information on the types of data that financial institutions should collect and report on small business lending applications and decisions; and (iii) includes parameters for covered institutions and covered sources. The guide further breaks down the reportable data points and explains the final rule’s “firewall” provision, which states that employees and officers of the financial institution or its affiliates “involved in making any decisions” about the reportable application generally barring access to applicants’ demographic information related to ethnicity, race, gender, and minority-owned, female-owned, or LGBTQ+ business status. The guidance specifies that certain exceptions may apply to situations where a decision-making employee must have access to the data to fulfill their assigned duties (eg, loan officer or loan processor). In these situations, financial institutions are required to notify applicants that employees and officials involved in decision-making may have access to their demographic information.