To build a compliance checklist for a private lending operation, scan your licensing requirements by state, audit every disclosure document against TILA and RESPA standards, review advertising for trigger-term violations, verify your servicer’s boarding controls, establish recordkeeping and escrow policies, set up a complaint log, and schedule an annual review. Written and documented — every step.
Key Takeaways
- Licensing requirements vary by state and loan purpose — a multi-state lender needs a documented state-by-state scan before any loan closes.
- TILA disclosure accuracy is non-negotiable for consumer-purpose loans — the finance charge, the amount financed, and the payment schedule must match the note exactly.
- Servicing handoff is a compliance event — an incomplete loan file at boarding produces errors that trace back to the original lender.
- Escrow accounts held by a private lender require a written policy and annual reconciliation; undocumented escrow handling is one of the top triggers for state examiner findings.
- An annual compliance review converts the checklist from a static document into a live operational control — without it, the checklist is a statement of intent, not a record of execution.
Step 1: Run a Licensing Scan by State and Loan Type
Before your checklist covers anything else, confirm you are licensed in every state where you make loans. Licensing requirements depend on three variables: the state, the loan purpose (consumer vs. business), and collateral type (residential vs. commercial). Consumer-purpose loans secured by 1-to-4 family residential property face the most demanding landscape — nearly every state with a mortgage lending statute requires a license or registration. Your scan documents the applicable statute, license type, current status, expiration date, and the regulatory agency for each operating state. The National Conference of State Legislatures mortgage lending resource provides a starting index. Cross-reference against NMLS for active registration status. Read what the licensee exemption means for private lenders before relying on any exemption claim. Consult qualified legal counsel before concluding any exemption applies to your operation.
Step 2: Conduct a Disclosure Review Against TILA and RESPA Requirements
For consumer-purpose loans, your disclosures must satisfy CFPB Regulation Z, 12 CFR Part 1026. The Loan Estimate, Closing Disclosure, and right-of-rescission notice are the core forms for most consumer mortgage transactions. Your disclosure review confirms that the finance charge, the amount financed, the total of payments, and the payment schedule each match the actual note terms exactly. For loans subject to RESPA, 12 CFR §1024 governs the servicing transfer and escrow disclosures. Review every disclosure in your loan files for the past two years — missing or inconsistent disclosures are the compliance findings that regulators document first. See five private mortgage servicing traps new lenders must avoid for the disclosure failures that recur most frequently in early-stage private lending operations.
Step 3: Run an Advertising and Marketing Audit
Every marketing piece that references a loan rate, payment amount, or credit term triggers Regulation Z’s advertising requirements under 12 CFR §1026.24. Your audit reviews all active marketing materials — website copy, social media, email campaigns, and broker-facing rate sheets — against the trigger-term rules. When a payment amount or rate other than the annual percentage rate is featured in an advertisement, the full disclosure package required by statute must accompany it. The audit also covers marketing claims about approval speed or loan terms that cannot be substantiated. Any advertising that references loan pricing must be reviewed by qualified legal counsel before deployment. Document every active piece, what disclosures accompany it, and who reviewed it. Consult qualified legal counsel before any campaign that includes rate or payment references.
Step 4: Verify Servicing Handoff Controls
The transfer of a loan to a servicer is a compliance event. Your servicer receives the loan file, sets up the borrower account, and handles all collection and communication from that point forward. An incomplete file at boarding produces downstream errors that trace back to the original lender. Your handoff checklist confirms that every transferred loan file includes: the original note and all endorsements, the recorded deed of trust or mortgage, the final title policy, the hazard insurance policy with the servicer named as loss payee, any active escrow account baseline, the complete payment history from origination, and any prior modifications. The servicer confirms receipt of each component in writing. If your servicer has no formal boarding confirmation process, that gap belongs in your compliance findings. Read the seven compliance mistakes private lenders make for the handoff failures that generate the largest downstream exposure. Consult qualified legal counsel to confirm which file components are required under applicable state servicing regulations.
Step 5: Establish a Written Recordkeeping Policy
A compliance checklist without a supporting recordkeeping policy is incomplete. Your policy specifies: what documents are retained for each loan type, the retention period for each document category, the storage format, access controls, and the destruction schedule after retention periods expire. RESPA requires servicers to retain servicing records for defined periods after loan payoff or transfer. TILA requires retention of disclosure compliance evidence. State mortgage record retention statutes vary and extend beyond federal minimums in some states. The policy documents the controlling statute for each retention category and assigns responsibility for maintaining each record type. For loans subject to 12 CFR §1024, the CFPB’s regulatory text specifies the applicable recordkeeping obligations in full. Review the policy at every annual compliance review.
Step 6: Conduct an Escrow Account Audit
If your operation collects escrow payments for taxes and insurance, those funds are subject to RESPA’s escrow rules at 12 CFR §1024.17. The escrow audit confirms: each account holds the correct balance, disbursements were made on time and in the correct amount, annual escrow analyses were completed and provided to borrowers, and any shortage or surplus was handled per regulatory requirements. Pooled escrow accounts with no per-loan tracking, late disbursements that produce penalties or coverage lapses, and missing annual analysis statements are the three most common escrow findings at examination. Review each loan with an active escrow account individually. If your operation is not structured to manage escrow correctly, transfer escrow functions to a qualified servicer. See the in-house compliance vs. outsourced servicer comparison for the operational case for servicer-managed escrow. Consult qualified legal counsel to confirm which escrow obligations apply to your loan types.
Step 7: Build and Maintain a Borrower Complaint Log
A complaint log is required for any lending operation subject to CFPB examination. A log that does not exist — or exists but contains no entries — signals to examiners that complaints are received but not recorded. Your log captures: the date received, the borrower name and loan number, the nature of the complaint, the response date and method, the resolution reached, and whether the complaint was escalated externally. Review the log quarterly for patterns — repeated complaints about the same issue are a signal of a process failure at the operational level. Every complaint involving a payment application dispute, insurance placement, or disclosure accuracy must be checked against the loan file to confirm whether the borrower’s position has merit. Consult qualified legal counsel before responding to any complaint that references a regulatory violation or formal dispute process.
Step 8: Schedule an Annual Compliance Review
A checklist completed once and filed away provides the appearance of compliance, not the substance of it. The annual review converts the checklist into a live operational control. It covers: all seven prior steps, any changes to federal or state law affecting your loan types or operating states, any regulatory guidance issued by the CFPB or applicable state agencies, complaint log findings from the prior year, and any changes to your loan products, marketing, or servicing arrangements that create new obligations. Assign a specific individual as accountable for scheduling and completing the review before year-end. Document the review date, scope, findings, corrective actions, and the responsible party’s sign-off. That documentation is what you present to an examiner when asked to demonstrate your compliance management program. Consult qualified legal counsel to confirm that your annual review scope covers all applicable federal and state requirements for your portfolio.
Tools You’ll Need
- NMLS licensing database — confirm active license status and expiration dates by state
- NCSL state mortgage lending statute index — map applicable statutes for each operating state
- CFPB regulatory text for 12 CFR Part 1026 (Reg Z / TILA) and 12 CFR §1024 (Reg X / RESPA)
- Complete loan file for every active and recently closed loan, organized by loan number
- Servicer boarding confirmation records — written receipts for every file transferred
- Escrow account ledgers by loan number with disbursement history and annual analysis statements
- Borrower complaint log with date sorting, status filtering, and pattern review capability
- Marketing and advertising inventory covering every active piece referencing loan terms or rates
- Qualified legal counsel with mortgage lending experience in your operating states
Common Pitfalls
- Treating business-purpose loans as automatically exempt from all state oversight — business purpose reduces federal consumer protection obligations but does not eliminate state licensing requirements in most states
- Using a disclosure template without verifying it matches the actual loan terms — a template that pre-populates from a model loan produces inaccurate disclosures every time loan terms deviate from the template assumptions
- Completing the checklist once and calling compliance done — a static checklist is not a compliance management program; regulatory requirements change and the checklist must change with them
- Running escrow accounts without individual loan-level tracking — pooled escrow handling without per-loan accounting produces shortages and surpluses that cannot be attributed to a specific borrower
- No written complaint response process — verbal complaint resolution without written documentation creates a record gap that an examiner reads as a missing compliance function
- Skipping the advertising audit when marketing changes — every new piece with a rate or payment reference is a fresh compliance obligation; the audit is not a one-time event
Expert Take: What the Checklist Actually Protects
Frequently Asked Questions
Do private lenders need a mortgage license to make loans secured by real property?
In most states, yes. A lender making consumer-purpose loans secured by residential real property requires a mortgage lending license or registration under the applicable state statute. Business-purpose loans and commercial collateral carry different requirements that vary by state. The licensing obligation attaches to the activity and loan type — not to whether the lender is a bank or a private individual. Consult qualified legal counsel before concluding that any exemption applies to your specific loans and operating states.
What disclosures are required for a private mortgage loan?
Consumer-purpose loans secured by residential property require the full Regulation Z disclosure package under 12 CFR Part 1026, including the Loan Estimate, the Closing Disclosure, and the right-of-rescission notice for refinances of a principal residence. Loans subject to RESPA require applicable disclosures under 12 CFR §1024. Business-purpose loans fall outside most federal consumer disclosure requirements, but applicable state law controls what written terms the borrower receives. Consult qualified legal counsel to confirm which disclosure regime applies to each loan product you originate.
What is the difference between a compliance checklist and a compliance management program?
A compliance checklist is a list of required actions and verification steps for a specific loan or process. A compliance management program is the organizational structure — policies, procedures, training, monitoring, complaint response, and annual review — that produces consistent compliance across all loans and all staff over time. The checklist is a tool inside the program. Regulators examine the program, not just individual loan files.
How does the CFPB’s escrow rule apply to a private lender collecting tax and insurance payments?
CFPB Regulation X, 12 CFR §1024.17, sets escrow account requirements for servicers of consumer mortgage loans. If you are collecting tax and insurance payments and holding them in escrow, you are performing a servicing function subject to those requirements — regardless of whether you are a bank or a private individual. The rule requires an initial escrow analysis at loan setup, annual escrow account analyses, and specific procedures for handling shortages, surpluses, and deficiencies. Consult qualified legal counsel to confirm which escrow obligations apply to your specific loan types and operating structure.
How should a private lender handle a borrower complaint about a payment error?
Log the complaint the day it arrives. Pull the servicer’s payment history for that loan. If the application was correct, respond in writing with the payment history attached. If the application was incorrect, instruct the servicer to correct it, confirm the correction in writing to the borrower, and log the resolution. Do not resolve payment complaints verbally — verbal resolution creates no documentation. Consult qualified legal counsel if the complaint references a regulatory violation or a formal dispute process.
What triggers an out-of-cycle compliance review?
Any of these conditions triggers an immediate review outside the annual cycle: a new loan product, a new operating state, a change in servicing arrangement, a regulatory guidance update from the CFPB or a state agency, or a pattern of complaints that signals a process failure. The annual calendar cycle is the baseline — material changes to your operation or the regulatory environment accelerate the review schedule regardless of when the prior review occurred.
Is an in-house compliance function or an outsourced servicer the right structure for a small private lending operation?
For most small private lenders, an outsourced servicer who manages escrow, payment processing, disclosure maintenance, and complaint handling provides more coverage at lower operational risk than an in-house function built from scratch. The servicer brings documented procedures, audit trails, and regulatory familiarity that most internal teams take years to develop. Read the full in-house compliance vs. outsourced servicer comparison for the decision criteria by portfolio size and loan type.
Sources & Further Reading
- CFPB — Regulation Z, 12 CFR Part 1026 — Full regulatory text for Truth in Lending Act requirements including disclosure, advertising, and rescission rules
- CFPB — Regulation X, 12 CFR §1024 — Full regulatory text for RESPA requirements including escrow accounts, servicing disclosures, and loss mitigation procedures
- NCSL — Mortgage Lending Laws and State Statutes — State-by-state index of mortgage lending statutes and licensing requirements
- CFPB — Mortgage Servicing Examination Procedures — Examiner field guide covering complaint response, escrow, loss mitigation, and recordkeeping review standards
Next Steps: Work with Note Servicing Center
Building the checklist is the first step. Maintaining it across every loan, every state, and every borrower interaction is where most private lending operations break down. Note Servicing Center handles the servicing functions that generate the most compliance exposure — escrow management, payment processing, borrower correspondence, and complaint handling — so you have a documented audit trail at every stage. Contact Note Servicing Center to review your current loan portfolio and identify the compliance gaps before an examiner does.
