How to Prepare for an SCRA Compliance Audit

Whether it comes from the DOJ, CFPB, OCC, or your own internal compliance team, an SCRA compliance audit evaluates the same core question: can you prove you are protecting servicemembers as the law requires?

This guide covers what auditors and examiners look for, how to prepare, and where most organizations discover they have gaps.

What Triggers an SCRA Compliance Audit

SCRA audits do not happen randomly. They follow patterns.

External triggers:

• Servicemember complaints to the DOJ, CFPB, or state attorneys general
• CFPB supervisory examination findings during routine bank or servicer exams
• OCC or FDIC examination cycles for regulated institutions
• DOJ Servicemembers and Veterans Initiative investigations
• Qui tam (whistleblower) complaints from current or former employees

Internal triggers:

• New general counsel or chief compliance officer reviewing inherited programs
• Board or risk committee requesting compliance posture assessment
• Merger or acquisition due diligence
• Consent decree compliance monitoring (for organizations already under enforcement)
• Annual compliance program review

In practice, most organizations do not know an external audit is coming until the examiner letter arrives. The time to prepare is before that happens.

What Examiners Evaluate

Based on DOJ consent decrees and CFPB supervisory guidance, examiners consistently evaluate seven areas.

1. Military Status Verification Process

The most basic question: how do you determine whether a borrower, tenant, or customer is an active-duty servicemember before taking any adverse action?

Examiners want to see:

• DMDC (Defense Manpower Data Center) verification as the primary source
• Verification timing: before every adverse action, not just at origination
• Name matching procedures for handling variations, nicknames, and suffixes
• Documentation of every verification attempt and result

Common finding: Organizations verify at origination but not before subsequent adverse actions like repossession, eviction, or default judgment. The SCRA requires verification at the point of each adverse action, not just once.

2. Interest Rate Cap Compliance (Section 3937)

For lenders, this is often where the largest violations are found. The CFPB reported that at one major auto lender, fewer than 10% of eligible loans received the required 6% rate reduction.

Examiners check:

• Whether rate caps are applied proactively (not only on request)
• Whether the cap is applied retroactively to the date of military entry
• Whether excess interest is forgiven (not deferred)
• Whether the reduced rate applies to all covered obligations (not just those the borrower identifies)

3. Adverse Action Safeguards

This covers repossessions, foreclosures, evictions, default judgments, and any other action that could harm a protected servicemember.

Examiners want to see:

• Automated holds or flags that prevent adverse actions against protected individuals
• Court order verification before proceeding against known servicemembers
• A workflow that cannot be bypassed by individual staff members
• Documentation showing the hold was applied and when it was released

4. Lease Termination and Early Termination Handling

For property managers, examiners evaluate whether servicemembers who provide PCS or deployment orders receive the protections they are entitled to:

• Early lease termination without penalty
• Prorated rent calculation
• Security deposit return per state law
• No negative reporting to tenant screening services

5. Staff Training and Awareness

Every DOJ consent decree since 2019 has required SCRA-specific staff training. Examiners look for:

• Documented training attendance with dates and attendee names
• Training content that covers the specific SCRA provisions relevant to the organization’s operations
• Recurring training schedule (typically annual, with 30-day onboarding for new hires)
• Evidence that training was not just delivered but understood (scenario-based testing)

6. Audit Trail and Documentation

This is where audits succeed or fail. Even if your processes are correct, you need to prove it.

Examiners expect:

• A retrievable record of every military status verification
• Documentation of every rate cap calculation and adjustment
• Records of adverse action holds: when applied, why, when released
• Communication logs with servicemembers regarding their protections
• All records retained for the period specified in your policies (typically 5-7 years)

7. Continuous Monitoring

Checking military status once is not enough. Guard and Reserve members can activate and deactivate during the life of a loan or lease. Examiners ask:

• How frequently is the portfolio re-screened for military status changes?
• What happens when a new activation is detected mid-loan or mid-lease?
• Is there an automated process, or does it depend on the servicemember notifying you?

How to Prepare: A Practical Checklist

30 Days Before (or Right Now if No Audit Is Scheduled)

• Run a portfolio-wide DMDC verification to establish a current baseline
• Pull a sample of recent adverse actions (repossessions, evictions, default judgments) and verify that military status was checked before each one
• Review rate cap calculations for a sample of military borrowers; confirm the cap was applied correctly and retroactively
• Gather training records: dates, attendees, content covered
• Test your documentation retrieval: can you produce a complete compliance record for a randomly selected servicemember interaction within 24 hours?

14 Days Before

• Identify and remediate any gaps found in the 30-day review
• Brief relevant staff (compliance, legal, servicing, collections) on what to expect during an examination
• Prepare a compliance program summary document that describes your SCRA processes, verification procedures, and training program
• Ensure all relevant systems are accessible and that compliance staff can pull records on demand

Day Of

• Have your compliance program summary ready for the examiner
• Designate a single point of contact for examiner requests
• Do not volunteer information beyond what is asked, but be fully responsive to every request
• Document all examiner requests and your responses

Where Organizations Discover Gaps

After conducting compliance assessments across property management, auto lending, banking, and mortgage servicing, the most common gaps we find are:

1. No continuous monitoring. Military status was checked at origination but never again. Guard and Reserve activations during the loan or lease term were missed entirely.

2. Rate caps applied only on request. The SCRA requires proactive application. Waiting for the servicemember to request the rate reduction is a violation.

3. Fragmented documentation. Verification records exist in one system, rate cap calculations in another, communication logs in a third. No single view of compliance for a given servicemember.

4. Training gaps. Training was conducted once but not repeated annually. New hires were not trained within 30 days. No scenario-based exercises, just a slide deck.

5. No automated safeguards. The organization relies on individual staff members to remember SCRA obligations rather than building compliance into system workflows.

The Cost of Getting It Wrong

Since 2011, federal agencies have recovered over $400 million for servicemembers through SCRA enforcement actions. Individual penalties have ranged from $109,000 (BayPort Credit Union) to $98 million (JPMorgan Chase). Consent decrees typically run 5 years and require ongoing monitoring, reporting, and system changes.

Beyond financial penalties, enforcement actions create reputational damage, examiner scrutiny across all compliance areas, and operational disruption that can last years.

---

Capital One paid $12 million for failing to cap interest rates on military loans. If a servicemember submitted a rate cap request tomorrow, would your team know exactly what to do?

Check Your Exposure → · See Pricing →

---

Sources: DOJ Servicemembers and Veterans Initiative enforcement actions (2011-2026); CFPB Supervisory Highlights (2023-2025); OCC Comptroller’s Handbook on Fair Lending; 50 U.S.C. Chapter 50.