Compliance¶

The apps.compliance module provides a regulatory compliance rule engine, ongoing monitoring, credit reporting, and credit dispute management.

Rule Engine Architecture¶

Compliance rules are implemented using the ComplianceRuleProtocol provider pattern (see Provider Pattern). Each rule is a self-contained engine that evaluates a loan against specific regulatory requirements.

Built-In Rule Engines¶

Rule	Regulation	Purpose
Fee cap	State/federal	Validates fees against maximum allowed amounts
Ability to repay (ATR)	Dodd-Frank	Verifies borrower can repay based on income/debt
TILA	Truth in Lending Act	APR disclosure accuracy, finance charge validation
ECOA	Equal Credit Opportunity Act	Fair lending, prohibited basis checking
Rate limit	State usury laws	Interest rate caps per jurisdiction
FCRA	Fair Credit Reporting Act	Credit reporting accuracy, required borrower fields
TCPA	Telephone Consumer Protection Act	Communication consent tracking, quiet hours enforcement
GLBA	Gramm-Leach-Bliley Act	Privacy notice delivery validation
UDAAP	Unfair/Deceptive/Abusive Acts	Fee and rate reasonableness against benchmarks
HMDA	Home Mortgage Disclosure Act	Required metadata field validation for reporting

Compliance Rule Configuration¶

Field	Description
`rule_type`	Which built-in rule engine to use
`regulation`	Regulatory reference
`program`	Optional FK to lending program (scope rule to a program)
`config`	JSONB configuration for rule parameters
`is_active`	Whether the rule is currently enabled

Rules can be scoped to specific lending programs or applied globally across all programs.

Enforcement Modes¶

Mode	Behavior
Hard	Blocks the lifecycle transition if the check fails
Soft	Produces a warning but allows the transition to proceed

When Checks Run¶

Compliance checks are triggered automatically at lifecycle transitions:

Origination --- When a loan application is submitted
Approval --- Before a loan can be approved
Disbursement --- Before funds are released
Charge-off --- Before a loan is charged off

On-Demand Checks¶

Compliance checks can also be run on demand:

POST /api/v1/loans/{loan_id}/compliance-check

Compliance Check Results¶

Each check creates a ComplianceCheck record:

Field	Description
`rule`	FK to the compliance rule
`loan`	FK to the loan
`status`	`passed`, `failed`, or `warning`
`details`	JSONB with check-specific results
`resolved_by`	FK to user who resolved a failure (if applicable)
`resolved_at`	When the failure was resolved

Resolution Tracking¶

Failed compliance checks can be resolved by authorized users, creating an audit trail of who reviewed and cleared the failure.

Compliance Monitors¶

Ongoing monitoring beyond point-in-time checks:

Field	Description
`monitor_type`	Type of monitoring (e.g., OFAC screening)
`borrower`	FK to borrower
`match_confidence`	Confidence level of any matches found
`hit_details`	JSONB with match details
`status`	Active, cleared, escalated

Monitors track ongoing compliance obligations such as sanctions screening (OFAC) and watchlist monitoring.

Credit Reporting¶

Integration with credit bureaus for loan reporting:

Credit Reporting Records¶

Field	Description
`loan`	FK to loan
`credit_bureau`	Target bureau (Experian, Equifax, TransUnion)
`status`	`pending`, `submitted`, `accepted`, `rejected`
`data_submitted`	JSONB with the submitted data
`reporting_date`	Date of the report

FCRA Compliance¶

The FCRA rule engine validates that all required borrower fields are present and accurate before credit reporting submission.

Credit Disputes¶

Management of borrower disputes against credit reporting:

Field	Description
`loan`	FK to loan
`dispute_type`	Type of dispute
`status`	`open`, `investigating`, `resolved`, `rejected`
`response`	Response details
`resolved_at`	Resolution date

Credit disputes follow an investigation workflow and must be resolved within regulatory timeframes (typically 30 days under FCRA).