Which Laws do Lenders Need to Comply With?
Audience: Upper Management, Loan Servicing/Collections Managers, Administrator, Compliance, Data
Just as governments inspect food packaging plants and restaurants to keep consumers safe from food poisoning, they also regulate the lending industry to protect consumers from deceptive loan terms or unfair treatment.
But not all laws apply equally to different kinds of lenders or in different states. This article will explore some of the important regulations that those different kinds of lenders need to comply with.
What are Lending Regulations?
In the United States, lending regulations are written by a few different groups. At the federal level, Congress writes and passes bills. Then, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) write more specific regulations based on the acts that Congress passes.
In addition to these federal laws and regulations, there are also state laws and regulations, which vary depending on the state that a lender is operating in. Governments outside the U.S. have their own methods for drafting and enacting regulations, which still govern U.S. lenders if they serve clients in those countries.
The Difference between Legislation and Regulation: A Quick Civics Lesson
In theory, it should be the elected senators and representatives in Congress who decide what the rules are. In practice, though, elected officials lack specific knowledge about most fields, so they delegate all the details to executive agencies. Congress might pass a piece of legislation, like the Truth in Lending Act (TILA), and then the FTC writes regulations detailing all the specifics, like Regulation Z.
There's a similar balance of responsibilities at the state level, where state legislatures pass laws that state agencies, headed by a governor, will enforce.
All consumer loans (but not Business-to-Business)
The Truth in Lending Act mandates that lenders inform consumers of a few key numbers at account opening and throughout the life of an account. The CARD Act, the FCCCDA, and the FCBA are all amendments to TILA.
Credit card issuers
The Credit Card Accountability, Responsibility, and Disclosure Act is designed mainly to increase consumer protections and to set requirements for disclosing information to consumers about their credit card accounts.
All consumer loans (but not Business-to-Business)
The Fair Credit and Charge Card Disclosure Act regulates what information should be disclosed with solicitations and applications for credit or charge cards.
Small-Dollar Payments Rule
Primarily Small-Dollar Lenders. We have an article on who it applies to.
The CFPB's Small-Dollar Payments rule regulates loans that have a term of less than 45 days, an APR of more than 36%, or a large final payment.
The Fair Debt Collection Practices Act places restrictions on what information a debt collector can share, who they can share it with, and how they can behave while working to collect on debts.
All financial institutions
The Gramm-Leach-Bliley Act was created to regulate how financial institutions protect and use the nonpublic personal information of their customers.
All consumer loans
The Fair Credit Billing Act protects consumers from unfair billing practices.
The Equal Credit Opportunity Act prohibits discrimination in any aspect of a credit transaction.
- California Consumer Privacy Act (CCPA) – The CCPA gives consumers in California control over their data, and it has been followed by similar acts in Virginia, Colorado, and Utah. (Canada has its own nationwide legislation, PIPEDA.) People in these states can request from a lender a copy of all the data that lender has on them, and can also request that the lender delete the data entirely. California also has a law called CalOPPA, which requires commercial websites and online services to follow certain privacy requirements. While this isn't a lending-specific regulation, it does apply to any lenders who have websites or offer online services.
- Usury Laws – State legislatures sometimes set a price cap on interest rates. Texas caps its rate at 10%, and Ohio sets 8% as the legal maximum. Lenders in states with low interest caps can often get around them by working with a Credit Services Organization (CSO), a third party that might handle customer acquisition and underwriting. They'll typically work out an arrangement where the lender takes escrow payments from the borrower, which are not counted as a part of the interest rate, and then splits the escrow money with the CSO.
- General Data Protection Regulation (GDPR) – This law was passed by the European Union with the aim of data protection and privacy, and some say that it's the toughest privacy and security law in the world. The GDPR applies to any organization that targets or collects data from people in the EU.
- Australian Privacy Act – The Australian Privacy Act is very similar to the GDPR and the CCPA in that it is meant to regulate the handling of personal information by organizations targeting Australian citizens, including the collection, use, storage and disclosure of the information.
Where does Compliance Fit?
Every lender should carefully research and follow the regulations governing them. Violating these laws will leave you liable to lawsuits, fines, and other penalties.
Once you've learned which laws apply to your lending operation, we recommend building automated workflows to help you comply. If a law requires you to disclose information to a borrower, don't just trust that your servicers will always remember to send it out on time. Instead, set up a Trigger-Based Notification that can get information to borrowers automatically. If laws say you shouldn't let just anyone see borrowers' personally identifying information, use Roles to limit access to only the agents who need it.