Compliance API¶

Regulatory compliance rules, compliance checks, monitors, credit reporting, and credit disputes.

Base permission: IsViewerOrAbove (read), IsAdminOrAbove (write for rules/monitors), IsLoanOfficerOrAbove (write for checks/disputes)

Compliance Rules¶

Define rules that are checked during loan lifecycle transitions.

Method	Path	Description	Permission
`GET`	`/compliance-rules`	List compliance rules	`IsViewerOrAbove`
`GET`	`/compliance-rules/{id}`	Get compliance rule	`IsViewerOrAbove`
`POST`	`/compliance-rules`	Create compliance rule	`IsAdminOrAbove`
`PUT`	`/compliance-rules/{id}`	Update compliance rule	`IsAdminOrAbove`
`DELETE`	`/compliance-rules/{id}`	Delete compliance rule	`IsAdminOrAbove`

Create Compliance Rule¶

POST /api/v1/compliance-rules

{
  "name": "TILA APR Tolerance",
  "rule_type": "tila_apr_tolerance",
  "enforcement": "hard",
  "parameters": {
    "tolerance_bps": 12.5
  },
  "applies_to_transitions": ["pending_to_approved"],
  "program_id": "661f9511-f3ac-52e5-b827-557766551111"
}

Enforcement Levels¶

Level	Behavior
`hard`	Blocks the lifecycle transition if the check fails
`soft`	Logs a warning but allows the transition to proceed

Built-in Rule Types¶

Rule Type	Regulation	Purpose
`tila_apr_tolerance`	TILA	APR within tolerance of disclosed rate
`respa_fee_tolerance`	RESPA	Fee variance within HUD-1 tolerance
`ecoa_adverse_action`	ECOA	Adverse action notice required on denial
`fcra_accuracy`	FCRA	Credit reporting data accuracy
`scra_rate_cap`	SCRA	Interest rate cap for servicemembers
`state_usury`	State law	Interest rate below state usury limit
`state_licensing`	State law	Lender licensed in borrower's state
`hmda_data`	HMDA	Required data collection completeness
`ability_to_repay`	ATR/QM	Debt-to-income and residual income
`ofac_screening`	OFAC	SDN list screening

Compliance Checks¶

View results of compliance checks run against loans.

Method	Path	Description	Permission
`GET`	`/compliance-checks`	List all checks	`IsViewerOrAbove`
`GET`	`/compliance-checks/{id}`	Get check result	`IsViewerOrAbove`
`POST`	`/loans/{id}/run-compliance-checks`	Run checks on loan	`IsLoanOfficerOrAbove`

Run Compliance Checks¶

POST /api/v1/loans/{loan_id}/run-compliance-checks

Response:

{
  "loan_id": "550e8400-e29b-41d4-a716-446655440000",
  "checks": [
    {
      "id": "...",
      "rule": "TILA APR Tolerance",
      "rule_type": "tila_apr_tolerance",
      "status": "passed",
      "details": "APR 8.5% within 12.5bps tolerance"
    },
    {
      "id": "...",
      "rule": "State Usury Limit",
      "rule_type": "state_usury",
      "status": "failed",
      "enforcement": "hard",
      "details": "Rate 8.5% exceeds NY usury limit of 6.0%"
    }
  ],
  "overall_status": "failed",
  "blocking_failures": 1
}

Compliance Monitors¶

Ongoing monitoring for compliance conditions (e.g., OFAC screening).

Method	Path	Description	Permission
`GET`	`/compliance-monitors`	List monitors	`IsViewerOrAbove`
`GET`	`/compliance-monitors/{id}`	Get monitor	`IsViewerOrAbove`
`POST`	`/compliance-monitors/{id}/record-hit`	Record a hit	`IsLoanOfficerOrAbove`
`POST`	`/compliance-monitors/{id}/resolve`	Resolve monitor	`IsLoanOfficerOrAbove`
`GET`	`/borrowers/{id}/monitors`	List borrower's monitors	`IsViewerOrAbove`

Credit Reporting¶

Metro 2 credit bureau reporting management.

Method	Path	Description	Permission
`GET`	`/compliance/credit-reporting`	List reporting records	`IsViewerOrAbove`
`GET`	`/compliance/credit-reporting/{id}`	Get reporting record	`IsViewerOrAbove`
`POST`	`/compliance/credit-reporting/{id}/submit`	Submit to bureau	`IsAdminOrAbove`
`GET`	`/loans/{id}/credit-reporting`	List loan's reporting	`IsViewerOrAbove`

Credit Disputes¶

FCRA-compliant dispute investigation and resolution.

Method	Path	Description	Permission
`GET`	`/compliance/credit-disputes`	List disputes	`IsViewerOrAbove`
`GET`	`/compliance/credit-disputes/{id}`	Get dispute	`IsViewerOrAbove`
`POST`	`/compliance/credit-disputes`	Create dispute	`IsLoanOfficerOrAbove`
`PUT`	`/compliance/credit-disputes/{id}`	Update dispute	`IsLoanOfficerOrAbove`
`POST`	`/compliance/credit-disputes/{id}/investigate`	Start investigation	`IsLoanOfficerOrAbove`
`POST`	`/compliance/credit-disputes/{id}/respond`	Respond to dispute	`IsLoanOfficerOrAbove`
`GET`	`/loans/{id}/credit-disputes`	List loan's disputes	`IsViewerOrAbove`

Create Credit Dispute¶

POST /api/v1/compliance/credit-disputes

{
  "loan_id": "550e8400-e29b-41d4-a716-446655440000",
  "borrower_id": "...",
  "dispute_type": "balance_accuracy",
  "description": "Borrower disputes reported balance",
  "received_from": "equifax",
  "received_date": "2026-01-10"
}

Dispute Workflow¶

received → investigating → responded → closed

FCRA requires response within 30 days of receipt.