If a letter from the U.S. Department of Justice’s Civil Rights Division — or a Civil Investigative Demand referencing the Servicemembers Civil Relief Act — lands on your General Counsel’s desk, the clock has already started. How you spend the first week shapes everything that follows: the scope of the investigation, the size of any settlement, and whether you end up under a five-year consent decree.
One complaint is usually enough to start it. Santander’s investigation began with a single Army Specialist. Hyundai’s began with one Navy airman. From there, the DOJ works outward — and an investigation that started with one servicemember routinely uncovers years of violations across thousands of accounts. The per-violation civil penalty is now $79,380, and since 2011 the DOJ has recovered over $488 million for roughly 152,000 servicemembers.
This is a checklist for the first week. It is not legal advice — engage counsel immediately — but it is the operational reality of what that week requires.
1. Do not ignore it, and do not respond informally
A DOJ SCRA inquiry is a formal matter even when it arrives as a “courtesy” letter. Treat every communication as part of a record. Do not have account reps, collections staff, or branch managers respond directly or “explain” the situation to investigators. Route everything through counsel and a single designated point of contact.
2. Issue a litigation hold immediately
The fastest way to convert a manageable investigation into a catastrophic one is to destroy or alter records after notice. Within the first day:
- Suspend any routine document-destruction or data-purge schedules touching servicemember accounts, collections files, repossession records, lease files, or correspondence.
- Preserve system logs, call recordings, and the audit trails of any system that made or applied a decision (rate caps, repossessions, lease-termination fees, foreclosures).
- Document the hold in writing and confirm receipt from everyone who touches the relevant data.
3. Engage experienced counsel — and the right vendor — early
SCRA matters are handled by a small bar of financial-services and consumer-finance defense firms who have seen this play out before. Engage them now, not after you’ve responded. Counsel will manage the DOJ relationship and the legal strategy; what they will need quickly is data — and that is where most of the delay and cost lives.
4. Scope the exposure before the DOJ does
The single most valuable thing you can do in week one is understand your own exposure before the government defines it for you. That means answering a question most institutions cannot: how many SCRA-protected servicemembers are in the population at issue, and what happened to their accounts?
This is a data exercise — every relevant account screened against the Defense Manpower Data Center (DMDC) database for active-duty status on the relevant dates, then evaluated against the applicable protection: the 6% interest rate cap (§3937), repossession (§3952), foreclosure (§3953), lease termination (§3955), or default judgment (§3931). Done by hand, it takes months. Done as a retroactive look-back, it takes weeks — and it gives counsel a defensible picture to negotiate from instead of conceding to the government’s numbers.
5. Stop the bleeding going forward
Whatever caused the violation is almost certainly still happening. The December 2024 DOJ–CFPB joint letter made the standard explicit: institutions are expected to proactively screen against DMDC, not wait for a servicemember to self-identify. Implement that screening now — every adverse action checked before it’s taken — so the period of violations closes on the day you got the letter, not the day you sign a settlement.
6. Understand where this is heading
Most SCRA investigations resolve through a negotiated consent decree filed with the complaint. The decree is the real cost — not the headline penalty. Expect it to require:
- SCRA-compliant written policies and procedures, submitted to the DOJ
- Employee training, submitted for review
- A retroactive look-back to identify and compensate every affected servicemember
- Ongoing monitoring and reporting to the DOJ, typically for three to five years
We break down all seven standard requirements, with deadlines, in our DOJ SCRA consent decree compliance guide.
The week-one checklist
- Route all communications through counsel and one point of contact
- Issue and document a litigation hold; suspend data purges
- Engage experienced SCRA defense counsel
- Begin scoping exposure: DMDC screening + eligibility across the population at issue
- Implement proactive go-forward DMDC screening to close the violation window
- Map the likely consent-decree obligations and timeline
The organizations that come through these matters in the best shape are the ones that, by the end of week one, already know their own numbers. If the DOJ asked you today how many affected servicemembers are in your records, how long would it take you to answer — and would the answer be complete?
Civrel runs the look-back as a managed engagement: DMDC screening across the historical population, per-account SCRA eligibility, relief quantified per finding, and a DOJ-format report — built to be defensible and delivered in weeks. If you’re advising a client through an SCRA matter, see our white-label look-back for law firms. If you’re the institution, check your exposure or talk to us.
Related training
See these topics covered in depth in our free SCRA training videos. Watch now →
Mario Bailey · Founder & CEO, Civrel
Mario serves in the Air National Guard (Cyber Systems Operations) and spent ten years as a software engineer before founding Civrel. He has been on the receiving end of SCRA compliance — getting his own protections applied took longer than it should have — and built Civrel so institutions can get it right.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. SCRA obligations depend on your institution's specific facts and on applicable federal and state law. Consult qualified counsel before acting on anything you read here.
Ready to automate your SCRA compliance?
See how civrel.io replaces manual processes with continuous, automated monitoring.