Regulatory Compliance: Checklist for Online Lenders 2019


Alternative lenders tend to push regulatory compliance to the back burner as they prioritize technology trends, marketplace evolution, and threats from new competitors. Unfortunately, this laissez-faire approach could result in expensive and time-consuming complications just when they’re ready to scale their business with new products and/or new marketing campaigns. It’s important for a lending operation to manage regulatory compliance on a parallel path with growth initiatives to ensure smooth sailing on a long-term basis.

We developed this 7-point checklist, in conjunction with our compliance experts, to help lenders make sure their enterprise is free from potential compliance gaps that could trigger a regulatory examination.

The seven boxes to tick are:

  1. Advertising channels & communications messages
  2. Application review & onboarding
  3. Electronic funds transfers
  4. Fees & revenue model
  5. Transaction activity
  6. Complaints
  7. Money laundering & fraud.

Regulatory compliance is all about consumer protection. So an effective way to start a compliance gap analysis is to map out the places where prospects and customers connect with your company. The marketing department probably mapped out these consumer touchpoints when they developed their communications strategy. Use the data points to create a blueprint that will inform the optimal compliance stack for your business.

  1. Advertising Channels & Communications Messages

The customer relationship starts when prospects see, read and listen to the marketing messages. Go beyond digital, print and broadcast advertising channels. Social media posts on an employee’s personal account are subject to the same rules that govern paid advertising when they reference your products and services. A student loan company was recently penalized when employees posed as customers to post positive product reviews.

Make sure all verbal and non-verbal messages are accurate, keeping in mind that financial programs are held to a higher standard than consumer packaged goods like laundry detergent. Are you wondering what we mean by non-verbal messages? A debt counselor was fined for using an email template that mimicked legal letterhead when regulators determined that some recipients thought it was a formal legal notice from a lawyer.

  2. Application Review & Onboarding

It’s a good idea to publish an employee procedures manual that outlines the processes employees are required to follow for identity verification and non-discrimination. It will go a long way towards satisfying a regulator’s inquiry. Remember that your organization could be held responsible for vendor policies and any third-party information used to decision an application.

Verify a new customer’s identity along with their ability to comfortably manage the debt obligation. Review your in-house CIP (customer identification program) and KYC (know your customer) processes to ensure they conform to the latest compliance regulations. Maintain detailed records in order to respond quickly to an auditor’s request.

Make sure your lending operation adheres to the Equal Credit Opportunity Act (ECO Act). This act prohibits discrimination in credit decisions based on race, color, religion, national origin, sex, marital status, and age. In addition, your company must avoid any type of written or oral statements that might discourage a consumer from applying for credit, including non-verbal communication like tone of voice. Discrimination can take some unexpected forms. A credit union was penalized for discrimination based on a life situation when a married couple was told their mortgage would not be approved until the wife returned to work after her maternity leave.

Ensure all personal data gathered as part of the application process is retained in a safe environment. Go the extra mile to mask, obfuscate and hash information to keep it hidden from hackers in case of a data breach. Retain copies of loan applications as well as the identification used to open the account.

  3. Electronic Funds Transfers

If your lending operation provides electronic funds transfers, then you could be defined by the regulators as an MSB (money services business).

MSBs are subject to reporting and compliance requirements under the BSA (Bank Secrecy Act), which includes these four compliance components:

  • Register with the Department of the Treasury
  • Develop, implement and maintain an effective AML (anti-money laundering) program
  • File currency transaction reports when a transaction exceeds $10,000
  • File SARs (suspicious activity reports) if your lending operation suspects that a transaction may involve money laundering or some other illicit activity.

FinCEN (the Financial Crimes Enforcement Network at the Department of the Treasury) monitors electronic funds transfers closely. Western Union was fined $184 million in civil penalties when they failed to maintain an effective AML program.

  4. Fees & Revenue Model

Regulators appreciate clear communications when it comes to complex pricing structures that may be difficult for the average consumer to decipher.

Ensure all interest rates and account maintenance fees conform to regulatory guidelines. Implement a hard cap on interest rates to conform to usury laws, and make sure your operation has the correct licenses for the types of interest and fees you charge. An auto lender who was holding vehicle titles as security was fined when regulators found they were only licensed to offer unsecured loans.

Review all member materials and disclosures to make sure they clearly communicate all potential fees and charges that could be applied over the life of the account, as well as any possible changes to the account status. Use examples or charts to illustrate the content, and include a list of events that could trigger a penalty fee or account closure. Avoid legalese and use simple language that’s easily understood.

Keep in mind that proper disclosure will not protect your company from regulatory penalties if the pricing or processes were out of compliance when they were disclosed.

  5. Transaction Activity

A simple financial transaction can involve multiple steps across a variety of internal and external departments, as well as internal and external technology platforms. The transaction could also cross multiple domestic and international borders. When we layer on the security issues inherent in the digital transfer of funds, it becomes clear why financial transactions are such a rich environment for compliance regulations.

Conduct regular end-to-end audits to ensure all systems work flawlessly. Aim for 99.99%+ accuracy.

When you review compliance regulations pertaining to transaction activity, don’t be surprised by the lack of definition or implementation detail. This can be a tricky area from a compliance perspective. The regulatory directive is to ensure safety and security, but the rules don’t offer many guidelines to follow.

  6. Complaints

Your complaints process should satisfy the customer, and keep your reputation spotless.

The very best brands can’t avoid an unhappy customer from time to time. Digital channels make it easy for consumers to broadcast anonymous bad reviews via social media, and then file a complaint with a regulatory agency. Assign a manager to own the problem resolution process, and use customer complaints like market research. Identify the root cause of the problem, implement corrections, and avoid a similar issue in the future. You may even want to thank the complaining customer with a reward for helping you make improvements.

Complaints can come from one of three directions: directly from the customer, from a regulatory notice issued after a complaint has been filed with a consumer protection agency, or from monitoring social media for references to your company. When a customer complains directly to you, this is an opportunity to pre-empt a formal filing with an immediate response that resolves the issue. When you find a negative post on social media, invite the person into a private conversation.

Customers can be very forgiving. It’s not unusual to transform an unhappy buyer into a brand advocate. It all depends on how quickly and effectively you manage the complaint.

  7. Money Laundering & Fraud

Alternative lenders use technology to deliver faster, easier, more convenient transactions. Regulators and law enforcement see the dark side of technology, where the bad apples manipulate digital systems to support criminal or terrorist activities. Money laundering has become a $2 trillion problem, and law enforcement is pushing a higher level of responsibility among financial services companies.

Use your CIP and KYC processes to confirm a new customer’s identity when the account is opened. Re-verify customer identity at regular intervals over the life of the account, and retain detailed records.

Monitor account activity for signs of money laundering, fraud or unauthorized use. These procedures will protect your customers, and they can protect your lending operation from regulatory penalties. Deutsche Bank was fined $41 million when they failed to maintain adequate protection against money laundering. JP Morgan Chase was fined $2 billion when they failed to report suspicious activity in the Bernie Madoff scheme.


You’re not alone if regulatory guidelines sound like a foreign language. Compliance is a legal discipline that’s both complex and robust with new rules being published on a daily basis.

We hope this 7-point checklist has helped you identify any compliance gaps in your systems and processes. If you’re interested in outsourcing noncore competencies like regulatory compliance, then you may want to request a free trial from a SaaS platform like TurnKey Lender. Our regulatory experts have already integrated compliance into the base platform, and they update the system as soon as new rules are published.
