Most first-year private lenders do not lose money on bad deals — they lose it on compliance gaps they never knew existed. These seven mistakes show up in the same order, across the same loan types, in the same first twelve months. Knowing them before closing your first loan is the difference between a portfolio and a liability.

Key Takeaways

  • Failure to determine whether a loan is subject to federal disclosure requirements under 12 CFR Part 1026 (Regulation Z / TILA) is the most common first-year compliance error — and the one with the most serious consequences.
  • State lending license requirements apply to private lenders based on loan purpose, property type, and transaction frequency — not on whether the lender considers themselves “professional.” Consult qualified legal counsel before closing your first loan in any new state.
  • The five servicing traps new lenders must avoid all flow downstream from the same root cause: treating origination and servicing as separate problems rather than as one compliance system.
  • Incomplete or missing escrow documentation at origination creates a chain of Regulation X compliance gaps that a servicer cannot retroactively fix.
  • A professional servicer running documented loss mitigation and payment tracking protocols is a compliance asset, not just an operational convenience — their records are the lender’s evidence if a dispute arises.

1. Skipping the Federal Disclosure Analysis

New private lenders assume that because they are not a bank, federal disclosure rules do not apply to them. That assumption is wrong for a significant share of private loans. 12 CFR Part 1026 — Regulation Z, implementing the Truth in Lending Act — applies to any creditor who extends credit secured by a dwelling, regardless of whether that creditor holds a banking license. The definition of “creditor” under Reg Z is based on transaction volume and regularity, not on institutional status.

If a private lender meets the Reg Z creditor threshold, the loan requires specific disclosures: the finance charge, the amount financed, the total of payments, the payment schedule, and the annual percentage rate — all presented in a form the regulation prescribes. Failure to provide compliant disclosures on a covered loan is a statutory violation. The remedies available to a borrower on that basis are significant, and the burden of proof falls on the lender to demonstrate that disclosures were provided correctly and on time. Consult qualified legal counsel before determining whether any specific transaction is subject to Reg Z disclosure obligations.

The disclosure obligation also applies at the time of consummation — not after. A lender who provides the required information two days after closing has not cured the problem. The analysis has to happen before the loan closes.

What to do instead

Before your first loan closes, have qualified legal counsel determine whether your anticipated transaction volume and structure triggers Reg Z creditor status in your state. If it does, establish a compliant disclosure process — either in-house with attorney-drafted forms or through a servicer who manages disclosure delivery as part of the origination support workflow. Do not close a covered loan without documented proof that compliant disclosures were delivered on time.

2. Ignoring State Lending License Requirements

State lending license requirements are not uniform. The threshold for when a private lender must hold a state license varies by state, by loan purpose (consumer versus business), by property type (1-to-4 family versus commercial), and by the frequency of the lender’s activity. Some states require licensure after the first loan. Others set a transaction threshold. Most apply different rules to loans secured by residential property versus commercial collateral.

The National Conference of State Legislatures (NCSL) tracks state mortgage lending laws, but the specific licensing thresholds are administered by each state’s Department of Financial Institutions (DFI) or equivalent regulator. The rules change, and what was true last year in a given state is not guaranteed to be true today. A lender operating without a required license is not just exposed to regulatory action — the loan documents executed without the required license are unenforceable in some states, which means the lender has an unsecured obligation rather than a secured note. Consult qualified legal counsel on licensure requirements before entering any new state market.

The detailed framework for when licensure applies and what the exemptions cover is at what is the licensee exemption in private lending — the exemption is narrower than most first-year lenders assume.

What to do instead

Run a state-by-state licensing analysis before closing any loan outside your home state — and revisit that analysis for your home state if your transaction volume increases. The analysis is not a one-time event; licensing thresholds are volume-dependent, and a lender who closes two loans in year one and twelve in year two has a different compliance profile. Engage a compliance attorney with mortgage lending experience, not a general business attorney, for this analysis.

3. Treating the Note as the Only Document That Matters

The promissory note defines the borrower’s repayment obligation. It does not, by itself, create the servicer’s compliance framework. First-year lenders who draft a solid note and assume the compliance work is done have skipped the second half of the job. The deed of trust or mortgage, the escrow agreement, the insurance requirements, the servicing disclosure, and — for consumer loans — the federal disclosure package are each separate documents with separate legal functions. Missing any one of them creates a gap in the legal structure that the note alone cannot fill.

Under 12 CFR §1024 (Regulation X), the servicing disclosure statement is a required document for federally related mortgage loans — it must be provided at application, not at closing. A lender who skips this step because they assume their loan is not federally related has made an assumption without analysis. The test for whether a loan is federally related is fact-specific and requires a legal determination, not a guess.

The checklist framework for building a compliant document package is detailed at how to build a private lender compliance checklist — the structure there maps each document to the regulation that requires it.

What to do instead

Treat the loan document package as a system, not a note with attachments. Work with a mortgage attorney to build a template package that includes every required document for your loan type, property type, and state. Review that package every time you enter a new state or change loan structure. A servicer who handles the full document package from origination through payoff is also a structural safeguard — they catch document gaps before closing, not after a dispute arises.

4. Skipping the SCRA Check on Every Loan

The Servicemembers Civil Relief Act — 50 U.S.C. App §501 and following — limits the interest rate and restricts certain remedies on obligations of active-duty military service members. The law does not require the borrower to invoke it for it to apply. A private lender who proceeds with contractual enforcement on a loan held by an active-duty service member without conducting the required SCRA analysis has violated a federal statute, regardless of whether the borrower raised the issue. The enforcement risk is not theoretical — the CFPB and Department of Justice both enforce SCRA compliance against non-bank mortgage lenders.

The SCRA check is not a one-time event at origination. Military status changes — a borrower who was a civilian at closing enters active duty later. A servicer with a documented SCRA monitoring protocol catches these transitions and adjusts the servicing treatment before a compliance exposure occurs. A lender self-servicing without this protocol does not.

What to do instead

Run an SCRA check through the Department of Defense Manpower Data Center (DMDC) database on every borrower at origination and at any point where you or your servicer is initiating a formal remedy under the note. Document the check result and the date. If a borrower is identified as active duty, contact qualified legal counsel before taking any action on the loan — the SCRA restrictions on remedies are specific and the consequences of violating them are serious.

5. Leaving Escrow Setup to Chance

Private lenders on 1-to-4 family properties who collect funds for property taxes and insurance are operating an escrow account, whether they call it that or not. 12 CFR §1024.17 (Regulation X, escrow accounts) governs how escrow accounts must be set up, analyzed, and communicated to borrowers on federally related mortgage loans. The analysis must be conducted at the time the escrow account is established, and the servicer must provide an initial escrow account disclosure statement.

A first-year lender who is collecting property tax and insurance funds without a formal escrow setup, without an initial analysis, and without the required disclosure statement has created a regulatory exposure from day one. When those funds are used to pay a tax bill or insurance premium, the accounting must be traceable, documented, and reconcilable. Informal collection and disbursement — even with good intentions — does not satisfy the regulatory requirement.

The downstream consequences of escrow setup errors are detailed in in-house compliance versus outsourced servicer — the cost of retrofitting escrow documentation after the fact is significantly higher than setting it up correctly at origination.

What to do instead

If your loan structure includes an escrow account, engage a professional servicer to set it up, conduct the initial escrow analysis, and issue the required disclosure at origination — not after the first payment cycle. The servicer’s annual escrow analysis requirement under §1024.17 is an ongoing obligation, not a one-time event. A servicer who handles this as part of their standard workflow removes the analysis and disclosure burden from the lender entirely.

6. Self-Servicing Without a Written Servicing Agreement

A private lender who services their own loans — collecting payments, managing escrow, handling borrower inquiries — is acting as a servicer. That role carries regulatory obligations under both federal and state law, regardless of whether the lender has formalized that role in writing. The absence of a written servicing agreement does not reduce the compliance obligations; it just removes the documentation that defines who is responsible for what.

When a dispute arises — a payment dispute, an insurance lapse, a claim that a loss mitigation option was not offered — the borrower’s first question is what the servicer was obligated to do and whether they did it. A lender self-servicing without a written servicing agreement has no document that answers that question. The payment records, contact logs, and escrow analyses that a professional servicer maintains as a matter of course do not exist in informal self-servicing arrangements. That absence is not neutral — it is a gap in the lender’s evidence.

What to do instead

If you choose to self-service, draft a written servicing agreement that defines the scope of your servicing obligations, your payment processing procedures, your escrow management protocols, and your contact and notice procedures for delinquency situations. Have qualified legal counsel review that agreement against the applicable federal and state servicing requirements before you begin servicing any loan. Alternatively, engage a professional servicer whose compliance framework is already built — the cost of professional servicing is lower than the cost of a compliance gap discovered in a dispute. The comparison of those options is at in-house compliance versus outsourced servicer.

7. Assuming Business-Purpose Loans Have No Consumer Protection Exposure

Private lenders who make business-purpose loans on residential properties operate under a different — but not absent — regulatory framework than consumer mortgage lenders. The consumer protection exemptions that apply to genuine business-purpose loans do not automatically apply because the borrower signed a business-purpose certification. The substance of the transaction determines coverage, not the form of the paperwork.

A loan secured by a 1-to-4 family owner-occupied property, made to a borrower who is using the funds for personal or household purposes, is a consumer loan — regardless of what the borrower represented at closing. A first-year lender who relies on a business-purpose certification without analyzing the actual use of proceeds has accepted the representation without verification. If the loan is later determined to be a consumer transaction, the federal disclosure and servicing requirements apply retroactively to origination. Consult qualified legal counsel before treating any loan on residential collateral as categorically exempt from consumer protection coverage.

What to do instead

For every loan on residential collateral, document the purpose analysis — not just the borrower’s certification, but the facts that support the purpose conclusion: the borrower’s business entity, the business plan for the property, the source of repayment. Keep that documentation in the loan file. A professional servicer who receives a well-documented file at boarding has the foundation to administer the loan correctly from the first payment cycle. One who receives a file with a certification and no supporting analysis is starting with a gap.

Expert Take: What I See in New Lender Files

Frequently Asked Questions

Does Regulation Z apply to every private lender making residential loans?

Reg Z applies to “creditors” — defined under 12 CFR Part 1026 as lenders who extend consumer credit secured by a dwelling on a regular basis. The “regular basis” threshold is transaction-volume-based and is defined in the regulation. A lender who closes one loan per year as a truly isolated event is unlikely to meet the threshold. A lender who closes multiple loans per year on residential collateral is likely to qualify. Consult qualified legal counsel for a determination based on your specific transaction volume and loan structure — the analysis is fact-specific and the consequences of a wrong conclusion run in one direction.

How do I find the lending license requirements for my state?

Each state’s Department of Financial Institutions (or equivalent regulator) publishes its licensing requirements. The National Conference of State Legislatures mortgage lending law tracker provides a state-by-state overview, but the specifics — thresholds, exemptions, application requirements — are in each state’s DFI regulations and guidance documents. The licensee exemption framework that applies to many private lenders is explained at what is the licensee exemption in private lending. Engage a mortgage licensing attorney for any state where you plan to close loans — the analysis is not something to resolve with a website search.

What is the SCRA database check and how do I run it?

The Department of Defense Manpower Data Center (DMDC) maintains a database of active-duty service members that lenders and servicers use to verify SCRA status. The check is available at scra.dmdc.osd.mil and accepts individual name and Social Security number or date of birth queries. Professional servicers run SCRA checks as a standard part of their boarding and loss mitigation workflow. A lender self-servicing without this protocol is running a compliance exposure on every loan in their portfolio that involves a borrower who is or becomes active duty.

What makes a loan “federally related” under RESPA?

A mortgage loan is federally related under RESPA if it is made by a federally regulated lender, insured by a federal agency, made in connection with a federally regulated program, or intended for sale to a federally chartered or regulated secondary market entity — and if it is secured by a 1-to-4 family residential property. The definition under 12 U.S.C. §2602 is broader than most private lenders expect: a loan that is sold to a conventional investor who securitizes it through a federally regulated entity is federally related even if the originating lender is a private individual. The full statutory definition is at 12 CFR §1024 (Regulation X). Consult qualified legal counsel to determine whether any specific loan is federally related.

Can I fix a compliance gap discovered after a loan closes?

The answer depends on the specific gap and the regulation that applies. Some disclosure failures have cure periods specified in the regulation itself; others do not. A missing escrow disclosure is a different problem than a missing TILA disclosure. A state licensing violation is different from a federal servicing gap. What is consistent across all of them is that the remediation options narrow as time passes — a gap identified and addressed before a dispute is easier to resolve than the same gap raised by a borrower in a formal complaint. The detailed servicing traps that flow from origination gaps are covered in the parent resource at five private mortgage servicing traps new lenders must avoid. Consult qualified legal counsel on any specific remediation question.

Sources & Further Reading

  • 12 CFR Part 1026 — Regulation Z (Truth in Lending) — CFPB; governs disclosure requirements for creditors extending consumer credit secured by a dwelling, including the finance charge, the amount financed, the total of payments, the payment schedule, and the annual percentage rate
  • 12 CFR §1024 — Regulation X (RESPA) — CFPB; defines federally related mortgage loan coverage, escrow account requirements, servicing disclosure obligations, and loss mitigation procedures
  • 12 CFR §1024.17 — Escrow Accounts — CFPB Regulation X; sets requirements for escrow account setup, initial escrow disclosure, annual analysis, and shortage notification
  • State Mortgage Lending Laws — National Conference of State Legislatures (NCSL); state-by-state tracker of mortgage lending license requirements and consumer protection statutes
  • SCRA Database — DMDC — Department of Defense Manpower Data Center; official active-duty status verification tool for SCRA compliance checks on individual borrowers
  • 12 CFR §1024.39 — Early Intervention Requirements — CFPB Regulation X; servicer obligations for establishing contact with delinquent borrowers and providing written notice of loss mitigation options