Key Takeaways
- A newly proposed House bill would amend the CFPB's 888-page small business data collection rule, signaling tighter reporting requirements for alternative lenders including MCA funders.
- KYC compliance for alternative lenders is shifting from voluntary best practice to regulatory expectation, making verifiable audit trails essential.
- MCA lenders who rely on manual or phone-based bank verification face growing documentation risk as data collection mandates expand.
- Asynchronous, recorded bank verification provides timestamped, tamper-resistant compliance evidence that satisfies emerging regulatory standards.
- Funders who invest in structured verification workflows now will be positioned to meet both current and future CFPB reporting obligations without operational disruption.
A Quiet Bill With Loud Implications for MCA Lenders
In late April 2026, a bill was introduced in the House of Representatives to amend the CFPB's small business data collection rule, the sprawling 888-page regulation known formally as Section 1071 of the Dodd-Frank Act. While the proposed changes appear minor on the surface, they represent something much bigger: congressional willingness to actively reshape how small business lending data gets collected, stored, and reported. For MCA lenders and alternative funders, KYC compliance for alternative lenders is no longer a distant regulatory worry. It is becoming an operational imperative embedded in federal rulemaking.
The timing matters. The CFPB itself has been internally reconfiguring the rulebook throughout 2026, and now Congress is layering on its own modifications. That dual-track pressure creates a compliance environment where waiting to see what happens is itself a risk. Lenders who fund merchants today using opaque verification methods, phone calls with no records, emailed screenshots, manually reviewed PDFs, face growing exposure every time the regulatory goalposts shift.
This article breaks down what the proposed amendment means in practice, why it accelerates the need for auditable bank verification, and how MCA funders can build compliance-ready workflows before the rules finalize.
What the Proposed Amendment Actually Changes
The Section 1071 Landscape
Section 1071 requires lenders that originate small business credit to collect and report demographic and lending data to the CFPB. The original rule has been delayed, challenged in court, and partially implemented in phases. But its core mandate is clear: lenders must document who they lend to, on what terms, and through what processes. The rule applies broadly, and while MCA funders have historically argued they fall outside the definition of "credit," that boundary continues to erode as courts and regulators increasingly treat MCAs as loans for compliance purposes.
The newly proposed bill does not rewrite Section 1071. Instead, it makes targeted amendments that clarify reporting thresholds, adjust data field requirements, and refine how lenders document the underwriting process behind each funding decision. Congressional interest in refining (rather than repealing) the rule signals that expanded data collection is here to stay. The question for MCA lenders is not whether they will need to comply, but whether their current workflows can produce the documentation that compliance demands.
The Documentation Burden Grows
Every amendment that touches data collection has downstream effects on verification. If you are required to report that you verified a merchant's bank activity before funding, you need evidence of that verification. A note in a CRM that says "spoke with applicant, confirmed deposits" does not meet the standard that regulators are building toward. The CFPB has been explicit in other enforcement actions that lenders must maintain records sufficient to demonstrate the basis for their decisions. For MCA funders, that means bank verification is no longer just an underwriting step. It is a compliance artifact.
Consider the practical implications. An underwriter reviews three months of bank statements from an applicant. They spot consistent daily deposits, reasonable expenses, and no obvious red flags. They approve the deal. Six months later, a regulator or auditor asks: how did you verify those statements were authentic? When did the review happen? Who conducted it? Can you prove the applicant actually showed you live banking data rather than a doctored PDF?
Without a recorded, timestamped verification process, the answer to most of those questions is "we can't prove it." That gap is exactly what the evolving regulatory framework is designed to close.
Why KYC Compliance for Alternative Lenders Is Accelerating
Regulatory Convergence From Multiple Directions
The CFPB amendment is not happening in isolation. Throughout 2026, state-level regulations have been tightening around MCA disclosure and documentation. Virginia now has 229 registered MCA providers operating under new compliance standards. California's AB2116 continues to reshape funder obligations on the West Coast. Canada's consumer-driven banking framework is adding its own layer of requirements for lenders operating north of the border.
The convergence of federal, state, and international rules creates a compliance matrix that manual processes simply cannot keep up with. Each jurisdiction has slightly different documentation expectations, but they all share one common thread: show your work. Prove that your verification was real, that it happened when you say it did, and that it captured what you claim it captured.
The Audit Trail Becomes a Competitive Differentiator
For institutional-scale funders, the ability to produce clean audit trails is already a prerequisite for accessing capital markets. Securitization, warehouse lines, and institutional partnerships all require documentation that can withstand third-party scrutiny. The Regents Capital $132.9 million inaugural ABS transaction announced this month is a reminder that capital markets demand rigorous documentation standards. While Regents operates in equipment leasing, the same institutional expectations are cascading into MCA and alternative lending as funders seek securitization-grade portfolios.
Lenders who build compliance-ready verification workflows gain more than regulatory safety. They gain access to cheaper capital, faster institutional partnerships, and stronger audit outcomes. The cost of building these workflows after a regulatory deadline hits is always higher than building them proactively. As we explored in our analysis of how audit season exposes bank verification documentation gaps, the funders who struggle most during audits are those who treated verification as informal rather than systematic.
How Asynchronous Verification Fits the New Compliance Standard
The specific documentation requirements emerging from the CFPB framework and state regulations align remarkably well with asynchronous, recorded bank verification. Here is why.
When an applicant records their live banking session through a browser-based tool like Exact Balance, the resulting artifact is inherently compliant. It carries a timestamp showing when the recording occurred. It captures the applicant navigating their actual banking portal in real time, which is orders of magnitude harder to fake than a static PDF. The recording is encrypted, securely stored, and accessible on demand for auditors or regulators. Activity logs track when the verification link was opened, when the recording started, and when it was submitted, creating a chain of custody that satisfies even stringent documentation standards.
Compare that to the traditional approach: an underwriter dials an applicant, asks them to share their screen or read numbers over the phone, jots notes in a spreadsheet, and moves on. No recording. No timestamp. No proof the conversation happened at all. In a regulatory environment that increasingly demands "show your work" documentation, that gap is untenable.
Building Compliance-Ready Verification Workflows Before the Deadline
Standardize What You Verify
The first step is defining exactly what your underwriters need to see and ensuring every applicant provides the same information. Custom instructions, specifying account summaries, date ranges, and transaction categories, eliminate the variability that makes audits messy. When every verification follows the same template, auditors can assess your process rather than evaluating each deal individually.
Record Everything, Review on Your Schedule
Asynchronous workflows decouple the applicant's schedule from your underwriter's schedule without sacrificing documentation quality. The applicant records when it is convenient for them. Your team reviews when capacity allows. The recording persists as permanent compliance evidence regardless of when either party completes their step.
Centralize Status Tracking and Audit Access
A single dashboard where every verification request lives, filterable by status, with direct access to recordings and activity logs, transforms compliance from a scramble into a routine. When a regulator asks about a specific deal funded eight months ago, you should be able to pull the verification recording, the activity log, and the underwriter's decision in under sixty seconds. That speed signals institutional maturity and dramatically reduces the cost of compliance responses.
Integrate With Your Existing Deal Flow
Compliance workflows that exist outside your core systems get skipped under pressure. Integration with platforms like Salesforce ensures that verification is a natural step in the deal pipeline rather than an afterthought. When verification status is visible alongside deal status, nothing falls through the cracks.
Frequently Asked Questions
What is the CFPB's Section 1071 small business data collection rule?
Section 1071 of the Dodd-Frank Act requires lenders that originate small business credit to collect and report data about their lending activity to the CFPB. The rule covers demographic information, loan terms, and underwriting processes. While MCA funders have debated whether they fall under its scope, the regulatory trend in 2026 strongly suggests that alternative lenders will need to comply with at least some of its reporting requirements. The newly proposed House amendment refines specific data fields and thresholds but reinforces the rule's core documentation mandate.
Does the CFPB data collection rule apply to MCA lenders?
The applicability of Section 1071 to MCA specifically remains a subject of legal interpretation. However, several factors point toward inclusion: state-level laws increasingly classify MCAs alongside traditional credit products, courts have recharacterized MCAs as loans in multiple jurisdictions, and the CFPB's own enforcement posture treats MCA documentation obligations seriously. Prudent funders are preparing for compliance now rather than betting on an exemption that may not hold.
How does asynchronous bank verification help with regulatory compliance?
Asynchronous bank verification creates timestamped, encrypted recordings of applicants navigating their live banking portals. These recordings serve as tamper-resistant documentation that proves verification occurred, when it happened, and what it revealed. Activity logs add another layer of evidence by tracking link opens, recording starts, and submission times. Together, these artifacts satisfy the "show your work" documentation standard that regulators increasingly expect from lenders.
What happens if MCA lenders don't prepare for expanded data collection requirements?
Lenders who lack structured verification documentation face multiple risks. Regulatory examinations can result in enforcement actions, fines, or operational restrictions. Institutional capital partners may decline to fund portfolios that cannot demonstrate compliance-grade underwriting processes. Audit failures create reputational damage and increase the cost of future capital. Perhaps most importantly, retrofitting compliance into existing workflows is far more expensive and disruptive than building it in from the start.
Conclusion
The proposed amendment to the CFPB's small business data collection rule is a clear signal that documentation expectations for alternative lenders are tightening, not loosening. MCA funders who treat bank verification as an informal step risk finding themselves on the wrong side of regulations that reward structured, auditable processes.
Exact Balance was built for exactly this moment. Browser-based screen recordings, AI-guided applicant coaching, encrypted storage, full activity logs, and a centralized underwriter dashboard give your team everything it needs to verify bank transactions and produce compliance evidence in one seamless workflow. No scheduling, no downloads, no documentation gaps.
Visit exactbalance.ca to see how async bank verification fits into your compliance-ready underwriting workflow.