Overview of Lending Regulatory Compliance

Federal lending regulations create the foundational compliance layer. The Truth in Lending Act (TILA) and its implementing Regulation Z require accurate disclosure of loan terms, APR, and total costs, with the TILA-RESPA Integrated Disclosure (TRID) rules governing the Loan Estimate and Closing Disclosure timing and content. The Real Estate Settlement Procedures Act (RESPA) and Regulation X prohibit kickbacks, require escrow account management standards, and govern servicer obligations. The Equal Credit Opportunity Act (ECOA) and Regulation B prohibit discrimination in lending based on race, color, religion, national origin, sex, marital status, age, and receipt of public assistance. The Home Mortgage Disclosure Act (HMDA) and Regulation C require collection and reporting of demographic and loan-level data for fair lending analysis. The SAFE Act mandates loan originator licensing and registration. Dodd-Frank established the CFPB as the primary federal enforcement agency and created the ability-to-repay/qualified mortgage (ATR/QM) framework. Violations of any of these regulations can trigger penalties ranging from $5,000 per violation (TRID) to pattern-or-practice fair lending penalties exceeding $1 million.

State regulations add another compliance layer, often exceeding federal minimums. State-level requirements include: licensing and examination (annual or biennial audits by state regulators), state-specific disclosure requirements (many states require additional disclosures beyond federal requirements), rate and fee limitations (some states cap origination fees, discount points, or total fees charged to borrowers), anti-predatory lending laws (state laws defining high-cost loans with additional restrictions and requirements), and state consumer protection acts (providing borrowers with private rights of action and potential treble damages). Multi-state lenders must maintain a compliance matrix tracking each state’s unique requirements, update it as laws change (which happens frequently at the state level), and train staff on state-specific variations. The compliance burden of adding each new state is not trivial—state regulatory examinations can require weeks of preparation and dozens of hours of staff time, and findings can restrict the company’s ability to originate in that state.

A lending company’s compliance management system (CMS) is the organizational structure, policies, and procedures that ensure ongoing compliance with all applicable regulations. The CFPB evaluates CMS through four components: board/management oversight (documented commitment to compliance, adequate resources, accountability), compliance program (written policies and procedures, designated compliance officer, training program), consumer complaint management (intake, tracking, resolution, and analysis of complaints), and compliance audit (independent testing of compliance effectiveness). For startup lenders, the CMS can be managed by a designated compliance officer who may also hold other roles (in companies under 30 loans/month) but must be empowered to escalate compliance concerns without reprisal. As the company grows beyond 50 loans/month, dedicated compliance staffing becomes necessary. Third-party compliance consulting firms provide an intermediate solution at $2,000-$5,000/month, offering regulatory updates, policy maintenance, and examination preparation support.