Key Takeaways
- California's proposed AB2116 would extend consumer financial protections to businesses generating up to $18 million in annual revenue, dramatically expanding regulatory scope for MCA funders.
- Bank verification software for funders must evolve to produce auditable, compliance-ready documentation if the bill passes.
- AI-powered extraction and structured audit trails will shift from competitive advantages to baseline regulatory requirements.
- Funders who rely on manual or fragmented bank verification processes face the highest compliance risk under the new framework.
- Preparing now by adopting asynchronous, AI-driven verification workflows reduces exposure regardless of whether AB2116 becomes law.
California Wants to Treat Your MCA Merchants Like Consumers
California's legislature has introduced AB2116, a bill that would amend the state's Consumer Financial Protection Law to classify small businesses generating less than $18 million a year in revenue as consumers. If you fund merchant cash advances, that threshold covers nearly every deal on your desk. The implications for bank verification software for funders are significant: every verification step, every extracted data point, and every underwriting decision could fall under the same scrutiny regulators apply to consumer lending.
This is not a hypothetical future. The bill is advancing through committee in 2026, and California has a track record of setting regulatory precedents that other states follow. The state already requires commercial financing disclosures under SB 1235, and AB2116 would layer consumer-grade compliance obligations on top of those existing rules. For funders processing hundreds or thousands of applications per month, the question is not whether compliance requirements will tighten. The question is whether your current verification and documentation infrastructure can withstand that pressure.
This article breaks down what AB2116 means for MCA bank verification workflows, where the compliance gaps are hiding, and how AI-driven verification platforms close those gaps before they become liabilities.
What AB2116 Actually Changes for MCA Verification Workflows
The Scope Expansion Problem
Under current California law, consumer financial protections apply to individuals. MCA transactions, structured as purchases of future receivables from businesses, have generally operated outside that framework. AB2116 redraws the line. According to reporting from deBanked, the bill defines a "small business" as any entity generating under $18 million in annual revenue, and it would grant those businesses the same protections currently reserved for individual consumers.
For MCA funders, that means the informal, speed-first approach to bank verification becomes a regulatory liability. Consumer financial protection frameworks require clear documentation of how financial information was gathered, verified, and used in decision-making. Every bank statement you review, every cash flow figure you extract, and every approval or denial you issue could be subject to regulatory examination with the same standards applied to a personal loan.
Audit Trails Move From Nice-to-Have to Non-Negotiable
The most immediate operational impact of AB2116 centers on documentation. Consumer protection enforcement relies on audit trails. Regulators want to see when a document was received, who reviewed it, what data was extracted, and how that data influenced the funding decision. If your bank verification process involves downloading PDFs from email, opening them in a viewer, and manually keying numbers into a spreadsheet, there is no audit trail. There is only a spreadsheet with numbers that could have come from anywhere.
This is where the gap between manual processes and purpose-built bank verification software becomes a compliance issue, not just an efficiency issue. Platforms that log every document upload, timestamp every extraction, and record every human review create the kind of defensible record that regulators expect. As we explored in our analysis of common mistakes new MCA companies make with bank verification, many funders treat documentation as an afterthought until a dispute or audit forces them to reconstruct a paper trail that does not exist.
AI Extraction as Compliance Documentation
AI-powered document extraction does more than save time. It produces structured, repeatable, and auditable output. When a human manually reads a bank statement and types a balance into a CRM, there is no record of what they saw, how they interpreted it, or whether they transposed a digit. When an AI extraction engine processes the same document, it generates a data record tied directly to the source file, with confidence scores, field mappings, and timestamps.
Under a regulatory framework like the one AB2116 proposes, that structured output becomes your compliance documentation. Every extracted field can be traced back to the original document. Every review and edit by a human underwriter is logged. The Consumer Financial Protection Bureau has made clear in enforcement actions against consumer lenders that "we couldn't find the records" is not an acceptable defense, and California regulators have followed the same playbook.
Let's Submit's AI-powered extraction pipeline is built with this principle at its core. Documents uploaded through the applicant portal or forwarded via email are parsed automatically, with extracted business information, financials, and owner details stored alongside the source files. Every action taken on an application, from upload to review to export, is captured in a complete audit trail.
Why Asynchronous Verification Fits the Regulatory Moment
Traditional bank verification workflows are synchronous. An underwriter requests documents, waits for them, reviews them in real time, and moves on. That workflow is fast when everything goes smoothly, but it creates gaps when documents are incomplete, delayed, or require re-verification. In a consumer-protection environment, those gaps are vulnerabilities. A missing timestamp, an undocumented re-request, or an unlogged revision can undermine your compliance posture.
Asynchronous bank verification, where applicants upload documents through a secure portal and AI processes them in the background, creates a fundamentally more defensible workflow. Every interaction is captured. Applicants receive a single link, upload their documents at their convenience, and the system processes everything with full logging. No email threads to reconstruct. No missing attachments to track down. No ambiguity about what was received and when.
This approach also solves a problem funders often overlook: the applicant experience. Under consumer protection frameworks, regulators care about how businesses are treated during the application process, not just the outcome. A streamlined, transparent upload experience demonstrates good-faith dealing, which matters when the regulatory standard shifts from "buyer beware" to "lender, prove you were fair."
Preparing Before the Law Passes
The strongest argument for upgrading your bank verification infrastructure is not AB2116 specifically. It is the direction the industry is moving. California's commercial financing disclosure rules already signal where regulators are heading. Canada's consumer-driven banking framework, as we discussed in our coverage of how Canada's open banking changes affect bank verification software, is pushing similar transparency requirements from the other direction, by giving business owners more control over their financial data.
Funders who wait for AB2116 to pass before upgrading their systems will face a scramble. Consumer protection compliance is not a feature you bolt on. It requires structured data capture from the point of first contact with an applicant. Retrofitting audit trails onto existing workflows is expensive, error-prone, and typically incomplete.
Consider the practical scenario. You fund a California-based restaurant generating $4 million in annual revenue. Under AB2116, that business is a "consumer" for the purpose of financial protections. If the owner later claims they were treated unfairly, the regulator's first question will be: show us your records. Show us the bank statements you reviewed. Show us how you extracted the data. Show us the decision trail. If your answer involves forwarding a chain of emails and pointing to a spreadsheet, you have a problem.
Now consider the same scenario with a platform like Let's Submit in the workflow. The applicant uploaded documents through a secure, timestamped portal. AI extracted the key data fields, which an underwriter reviewed and confirmed. Every step is logged. The source documents, extracted data, and review history are all linked and exportable. That is the difference between a compliance headache and a five-minute response to a regulatory inquiry.
Broader Market Signals Point in the Same Direction
AB2116 is not an isolated event. LendingTree's recent Q4 earnings call highlighted that the MCA market is growing, with small business financing becoming a strategic priority for major referral platforms. Growth attracts regulatory attention. As MCA volumes increase, so does the political incentive to extend consumer protections to the businesses receiving funding.
At the same time, technology capabilities are advancing. AI extraction accuracy has improved to the point where automated document processing is not just faster than manual review but more consistent and more auditable. Machine learning models can flag anomalies in bank statements, detect patterns consistent with stacking or synthetic fraud, and categorize transactions with precision that manual reviewers cannot match at scale. These are not futuristic capabilities. They are production features in platforms serving lenders today.
The funders who will thrive in this environment are the ones treating compliance infrastructure as a competitive advantage rather than a cost center. When every competitor faces the same regulatory requirements, the ones who already have clean, auditable verification workflows will process deals faster and defend them more effectively.
Frequently Asked Questions
What is California's AB2116 and how does it affect MCA lenders?
California's AB2116 is a proposed bill that would amend the state's Consumer Financial Protection Law to classify businesses generating less than $18 million in annual revenue as consumers. For MCA lenders, this means funding transactions with the vast majority of small businesses would fall under consumer-grade regulatory scrutiny, requiring detailed documentation, audit trails, and defensible verification processes for every deal.
How does bank verification software help MCA funders stay compliant?
Bank verification software creates structured, timestamped records of every document received, every data point extracted, and every review action taken by underwriters. This audit trail is essential for compliance with consumer financial protection laws. AI-powered platforms like Let's Submit automatically log the entire application lifecycle, from document upload through data extraction to final review, producing the kind of defensible records that regulators require.
Should MCA funders outside California care about AB2116?
Yes. California frequently sets regulatory precedents that other states adopt. The state's existing commercial financing disclosure requirements under SB 1235 have already influenced legislation in New York, Virginia, and Utah. Funders operating nationally should treat AB2116 as an early indicator of where compliance requirements are heading industry-wide, and invest in verification infrastructure accordingly.
What is asynchronous bank verification and why does it matter for regulatory compliance?
Asynchronous bank verification allows applicants to upload documents through a secure portal at their own pace, rather than requiring real-time interaction with an underwriter. AI processes the documents automatically and logs every step. This approach matters for compliance because it creates a complete, timestamped record of the entire document collection and review process, eliminating the gaps and ambiguities that plague email-based workflows.
Conclusion
California's AB2116 represents a clear signal: the regulatory environment for MCA lending is converging with consumer protection standards. Whether this specific bill passes or not, the direction is unmistakable. Funders who rely on manual, undocumented bank verification workflows are building on a foundation that regulators are actively working to undermine.
The solution is not to slow down. It is to build verification processes that are fast and defensible at the same time. AI-powered extraction, secure applicant portals, and complete audit trails are not overhead costs. They are the infrastructure that lets you fund deals confidently in a tightening regulatory environment.
Let's Submit was built for exactly this moment. Visit letssubmit.ca to see how asynchronous, AI-powered bank verification fits into your compliance workflow, before the next regulation makes it mandatory.