How the CFPB Small Business Data Collection Bill Reshapes Bank Verification Software for Funders

Key Takeaways

  • A new House bill proposes amendments to the CFPB's 888-page small business data collection rule, signaling fresh compliance obligations for MCA funders.
  • Bank verification software for funders must evolve to capture, categorize, and retain granular lending data that regulators now expect to see.
  • AI-powered document extraction and audit trail capabilities are no longer optional; they are becoming regulatory prerequisites.
  • Funders who treat compliance tooling as separate from underwriting infrastructure will face duplicated costs and data gaps.
  • Async verification workflows that unify document collection, data extraction, and compliance logging give funders a structural advantage.

TL;DR: The proposed House bill amending the CFPB's small business data collection rule will require MCA funders to systematically capture and report more granular lending data. Bank verification software for funders that combines AI-powered extraction with built-in audit trails, like Let's Submit, positions lenders to meet these requirements without adding manual overhead. Funders who unify compliance and underwriting workflows now will avoid costly retrofits later.

A Quiet Bill With Loud Implications for MCA Funders

In late April 2026, a bill was introduced in the House of Representatives to amend the CFPB's small business data collection rule, the sprawling 888-page framework that has been a moving target since its initial finalization. The proposed changes are narrow in scope, but the direction is unmistakable: regulators want more structured, auditable lending data from every participant in the small business financing chain, including merchant cash advance funders.

For MCA lenders, this is not a distant regulatory abstraction. The data collection rule already requires covered financial institutions to gather and report demographic, geographic, and decisioning data on small business credit applications. Any amendment that refines definitions, adjusts thresholds, or clarifies reporting obligations has a direct downstream effect on the systems funders use to collect, verify, and store merchant information. That is why the conversation about bank verification software for funders keeps returning to compliance readiness, not just underwriting speed.

This article breaks down what the proposed amendment means for MCA operations, why your verification and document extraction infrastructure needs to do double duty as a compliance tool, and how AI-powered platforms are bridging the gap between fast underwriting and regulatory preparedness.

What the Proposed Amendment Actually Changes

Narrowing the Rule Without Shrinking the Burden

The bill does not attempt to gut the CFPB's data collection framework. Instead, it targets specific provisions within the existing 888-page rulebook. While the full legislative text is still being debated, the pattern is consistent with what industry observers expected: minor definitional adjustments, clarifications on which entities qualify as covered lenders, and refinements to how application data must be categorized.

For MCA funders, the critical question is whether merchant cash advances fall within the amended scope. The original rule left some ambiguity around whether certain revenue-based financing products constitute "credit" for reporting purposes. Any amendment that resolves this ambiguity, even partially, forces funders to decide quickly whether their data infrastructure is ready.

Data Retention and Reporting Expectations

One of the most operationally significant aspects of the data collection rule is its retention requirements. Covered institutions must maintain records for at least three years, and the data must be structured enough to support regulatory examination. This is where most MCA operations hit a wall. Bank statements arrive as PDFs via email. Application forms come in inconsistent formats. Owner identity documents are scattered across inboxes and shared drives.

Manual processes can technically satisfy a retention requirement, but they cannot satisfy an auditability requirement. When a regulator asks to see the bank statements that supported a specific funding decision, the answer cannot be "let me search my inbox." The answer needs to be a timestamped, indexed, searchable record tied to that merchant's application. This is precisely the gap that modern bank verification software for funders is designed to fill.

Why Compliance and Underwriting Are the Same Infrastructure Problem

The temptation for many funders is to treat compliance tooling as a bolt-on, something layered on top of existing underwriting workflows after the fact. This approach creates two problems. First, it doubles the data handling. Every document gets processed once for underwriting and again for compliance logging. Second, it introduces inconsistency. The data your underwriter sees and the data your compliance officer can produce for a regulator may not match.

Platforms like Let's Submit solve this by making compliance a byproduct of the normal underwriting workflow. When a merchant uploads bank statements through a secure portal, the system extracts financial data using AI, logs every action in an audit trail, and stores the original documents alongside the parsed results. The underwriter reviews the extracted data. The compliance team accesses the same record. There is one source of truth, and it was built automatically during the intake process.

As we explored in our analysis of how MCA audit readiness demands automated bank statement analysis, the funders who separate compliance from operations end up paying twice for the same data and still falling short when examiners come knocking.

How AI-Powered Extraction Meets Regulatory Demands

Turning Unstructured Documents Into Regulatory-Ready Data

The CFPB's data collection framework assumes that lenders can produce structured, categorized data on demand. For traditional banks with core banking systems, this is feasible. For MCA funders processing hundreds of PDF bank statements per week, it requires a fundamentally different approach.

AI-powered document extraction transforms unstructured PDFs into structured datasets. Revenue figures, daily balances, NSF counts, deposit patterns, and owner information are parsed automatically and stored in a consistent schema. This is not just faster than manual data entry; it produces data that is inherently more auditable because it follows a repeatable, documented process.

Let's Submit's AI extraction engine is purpose-built for this use case. Bank statements, business applications, tax documents, and identity records are all processed through the same pipeline, producing standardized outputs that serve both underwriting review and compliance documentation. The system's audit trail records when each document was uploaded, who reviewed it, what data was extracted, and whether any fields were manually corrected.

Navigating AI Bias Concerns in a Regulatory Environment

Any conversation about AI in lending compliance must address the bias question. The CFPB has been explicit that automated decision-making tools used in credit decisions must not produce discriminatory outcomes. For MCA funders using AI to extract and analyze bank statement data, this means understanding the distinction between extraction and decisioning.

Document extraction, converting a PDF into structured fields, is a classification task, not a credit decision. The AI is identifying numbers, dates, and account holders. It is not deciding whether to fund the merchant. This distinction matters because it places AI extraction in a lower-risk regulatory category than AI-driven credit scoring or automated approval engines.

That said, funders should maintain clear documentation showing that AI is used for data extraction and organization, not for making or influencing funding decisions without human review. Let's Submit's workflow enforces this boundary by design: AI extracts the data, and a human underwriter reviews it before any decision is made. As we discussed in why humans fail at underwriting and why AI alone won't fix MCA lending, the best outcomes come from pairing automated extraction with human judgment.

What MCA Funders Should Do Now

Audit Your Existing Data Pipeline

Before the amended rule takes effect, funders should map every step of their application intake process. Where do documents enter the system? How are they stored? Can you produce a complete application file, including all bank statements and supporting documents, for any merchant funded in the past three years? If the answer involves searching through email threads or asking a team member to recall where a file was saved, your pipeline has a compliance gap.

Consolidate Your Intake Channels

Many funders receive applications through multiple channels: email forwards from brokers, direct uploads from merchants, and sometimes even fax. Each channel creates a separate data silo. A unified intake platform that accepts documents from all channels, whether through a secure upload link sent to the applicant or an email forwarding integration, eliminates these silos and ensures every document enters the same audit-ready pipeline.

Choose Bank Verification Software That Serves Both Compliance and Underwriting

The proposed CFPB amendment reinforces a trend that has been building throughout 2026: regulators expect MCA funders to operate with the same data discipline as traditional lenders. Bank verification software for funders must now serve two masters simultaneously. It must accelerate underwriting by extracting financial data instantly, and it must satisfy compliance by maintaining complete, timestamped records of every document and every action.

This dual mandate is exactly what Let's Submit was built for. The platform's async verification workflow lets merchants upload documents on their own time through a secure link. AI extracts business information, financials, and owner details automatically. Every step is logged. The result is an application file that is ready for underwriting review and, if needed, regulatory examination.

For funders evaluating their compliance exposure under the evolving CFPB framework, our breakdown of compliance gaps highlighted in recent industry webinars provides additional context on where most operations fall short.

Frequently Asked Questions

Does the CFPB small business data collection rule apply to MCA lenders?

The applicability depends on whether a merchant cash advance is classified as "credit" under the rule's definitions. The original rule left some ambiguity, and the proposed House amendment may clarify this. Regardless of the final classification, funders who proactively adopt structured data collection and retention practices will be better positioned if the rule is interpreted to include MCA products. Many industry attorneys recommend treating the rule as applicable until definitively excluded.

What data must MCA funders retain under the CFPB data collection rule?

Covered institutions must retain application-level data including business demographics, geographic information, funding amounts, and decisioning outcomes for at least three years. Supporting documents like bank statements and identity records should also be retained in a format that allows regulators to reconstruct the underwriting process. AI-powered platforms that automatically extract and index this data make retention and retrieval significantly easier than manual filing systems.

How does AI document extraction help with CFPB compliance?

AI extraction converts unstructured documents, such as PDF bank statements, into structured, searchable data fields. This structured data is easier to categorize, retain, and produce during regulatory examinations. Because the extraction process is automated and repeatable, it also creates a consistent audit trail showing exactly how data was captured and processed, which is a key requirement for demonstrating compliance with data collection rules.

Can using AI in MCA underwriting create regulatory risk?

AI used for document extraction and data organization carries lower regulatory risk than AI used for automated credit decisioning. The CFPB's concern centers on whether automated tools produce discriminatory lending outcomes. Funders can mitigate risk by clearly separating AI-powered extraction from human-driven funding decisions, maintaining documentation that shows AI is used as a tool to support, not replace, underwriter judgment.

Conclusion

The proposed amendment to the CFPB's small business data collection rule is a reminder that regulatory expectations for MCA funders are converging with those for traditional lenders. Structured data, complete audit trails, and defensible documentation practices are no longer aspirational goals; they are operational requirements that regulators will test.

Bank verification software for funders must rise to meet this dual mandate: accelerating underwriting while building compliance-ready records automatically. Let's Submit was designed from the ground up to do exactly this. One secure link collects the documents. AI extracts the data. Every action is logged. Your team reviews and moves forward, confident that the compliance record was built in the process.

Visit letssubmit.ca to see how async bank verification and AI-powered extraction can unify your underwriting and compliance workflows in a single platform.