
Which Laws do Lenders Need to Comply With?

The first step in compliance is knowing what rules apply to you.



Audience: Upper Management, Loan Servicing/Collections Managers, Administrator, Compliance, Data


In the same way governments inspect food packaging plants and restaurants to keep consumers safe from food poisoning, they also regulate the lending industry to protect consumers from deceptive loan terms or unfair treatment.

But not all laws apply equally to different kinds of lenders or in different states. This article will explore some of the important regulations that those different kinds of lenders need to comply with.

Disclaimer: This article summarizes some major lending regulations, but it's by no means a comprehensive list. Lenders should work with their legal team to figure out exactly what laws they need to comply with.


What are Lending Regulations?

In the United States, lending regulations are written by a few different groups. At the federal level, Congress writes and passes bills. Then, the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) write more specific regulations based on the acts that Congress passes.

In addition to these federal laws and regulations, there are also state laws and regulations, which vary depending on the state that a lender is operating in. Governments outside the U.S. have their own methods for drafting and enacting regulations, which still govern U.S. lenders if they serve clients in those countries.

The Difference between Legislation and Regulation: A Quick Civics Lesson

The United States Constitution sets up three branches of government. The legislative branch is Congress, which passes laws that broadly explain what lenders can and cannot do. The Commerce Clause of the Constitution specifically says that Congress can create laws governing "Commerce... among the several States," which gives it authority to write laws concerning industries like lending. These laws are enforced by the executive branch, made up of the President and all the agencies that work under the President, like the FTC and CFPB. When there's a disagreement about what the law means or whether it's constitutional, lenders and borrowers can sue those executive agencies, and the case will be heard by the courts in the judicial branch.

In theory, it should be the elected senators and representatives in Congress who decide what the rules are. In practice though, elected officials lack specific knowledge about most fields, so they delegate all the details to executive agencies. Congress might pass a piece of legislation, like the Truth in Lending Act (TILA), and then the FTC writes regulations detailing all the specifics, like Regulation Z.

There's a similar balance of responsibilities at the state level, where state legislatures pass laws that state agencies, headed by a governor, will enforce.


Federal Laws

| Law | Applies to | Description |
|---|---|---|
| TILA | All consumer loans (but not Business-to-Business) | The Truth in Lending Act mandates that lenders inform consumers of a few key numbers at account opening and throughout the life of an account. The CARD Act, the FCCCDA, and the FCBA are all amendments to TILA. |
| CARD Act | Credit card issuers | The Credit Card Accountability, Responsibility, and Disclosure Act is designed mainly to increase consumer protections and to set requirements for disclosing information to consumers regarding their credit card accounts. |
| FCCCDA | All consumer loans (but not Business-to-Business) | The Fair Credit and Charge Card Disclosure Act regulates what information should be disclosed with solicitations and applications for credit or charge cards. |
| Small-Dollar Payments Rule | Primarily Small-Dollar Lenders. We have an article on who it applies to. | The CFPB's Small-Dollar Payments rule regulates loans that last less than 45 days, carry more than 36% APR, or have a large final payment. |
| FDCPA | Debt collectors | The Fair Debt Collection Practices Act places restrictions on what information a debt collector can share, who they can share it with, and how they can behave while working to collect on debts. |
| GLBA | All financial institutions | The Gramm-Leach-Bliley Act was created to regulate how financial institutions protect and use the nonpublic personal information of their customers. |
| FCBA | All consumer loans | The Fair Credit Billing Act protects consumers from unfair billing practices. |
| ECOA | All loans | The Equal Credit Opportunity Act prohibits discrimination in any aspect of a credit transaction. |

State Laws

  • California Consumer Privacy Act (CCPA) – The CCPA gives consumers in that state control over their data, and it's been followed by similar acts in Virginia, Colorado, and Utah. (Canada has its own nationwide legislation, PIPEDA.) People in these states can request from a lender a copy of all the data that lender has on them, and can also request that the lender delete the data entirely. California also has a law called CALOPPA, which requires commercial websites and online services to follow certain privacy requirements. While this isn't a lending-specific regulation, it does apply to any lenders who have websites or offer online services.
  • Usury Laws – State legislatures sometimes set a price cap on interest rates. Texas caps theirs at 10%, and Ohio sets 8% as the legal maximum. Lenders in states with low interest caps can often get around them by working with a Credit Services Organization (CSO), a third party that might handle customer acquisition and underwriting. They'll typically work out an arrangement where the lender takes escrow payments from the borrower, which are not counted as a part of the interest rate, and then splits the escrow money with the CSO.

Foreign Laws

  • General Data Protection Regulation (GDPR) – This law was passed by the European Union with the aim of data protection and privacy, and some say that it's the toughest privacy and security law in the world. The GDPR applies to any organization that targets or collects data from people in the EU.
  • Australian Privacy Act – The Australian Privacy Act is very similar to the GDPR and the CCPA in that it is meant to regulate the handling of personal information by organizations targeting Australian citizens, including the collection, use, storage and disclosure of the information.

Where does Compliance Fit?

Every lender should carefully research and follow the regulations governing them. Violating these laws will leave you liable to lawsuits, fines, and other penalties.

Once you've learned which laws apply to your lending operation, we recommend building automated workflows to help you comply. If a law requires you to disclose information to a borrower, don't just trust that your servicers will always remember to send it out on time. Instead, set up a Trigger-Based Notification that can get information to borrowers automatically. If laws say you shouldn't let just anyone see borrowers' personally identifying information, use Roles to limit access to only the agents who need it.

Written by Andy Morrise

Updated on April 14th, 2023
