How to Prepare for an SCRA Compliance Exam: The Practical Guide

If your institution is subject to OCC, CFPB, FDIC, or state regulatory examinations, SCRA compliance is on the checklist. The OCC historically required SCRA transaction testing at least once every three supervisory cycles. As of January 2026, OCC shifted to a risk-based supervision model (Bulletin 2025-36), but SCRA remains a standard examination topic. and institutions with any history of SCRA issues should expect enhanced scrutiny. The CFPB includes SCRA in its Supervision and Examination Manual. And if your institution has any history of SCRA-related issues, expect examiners to look harder.

This guide covers what regulators actually examine, what documentation they expect, and how to prepare before they walk in the door.

What Examiners Are Looking For

Regulators evaluate SCRA compliance across three dimensions:

1. Policies and procedures. Do you have written SCRA policies? Do they cover every relevant product and obligation. not just mortgages, but auto loans, credit cards, installment debt, and lease agreements? Do they address rate cap applications, adverse action holds, default judgment protections, and military status verification?

Examiners compare your written policies against the statutory requirements in 50 U.S.C. Chapter 50. If your policy says “verify military status before foreclosure” but doesn’t mention repossessions, storage liens, or lease termination fees, that gap becomes a finding.

2. Operational compliance. Written policies mean nothing if they aren’t followed. Examiners pull samples of loan files, adverse actions, and rate cap applications to verify that staff actually did what the policy says. This is where most institutions fail.

Common transaction testing includes:

• Loan files where the borrower was on active duty. did the institution apply the 6% rate cap?
• Default judgments entered during the review period. was military status verified before filing?
• Repossessions or foreclosures. was a court order obtained for servicemember-held accounts?
• Eviction filings. was military status checked before proceeding?
• Rate cap requests from servicemembers. was the reduction applied retroactively to the activation date?
• DMDC verification records. is there a certificate for each check, with a timestamp?

3. Compliance management system. Examiners assess whether your CMS actually catches SCRA issues before they become violations. That means: board-level oversight, designated compliance officer responsibility, training programs with SCRA-specific content, monitoring and audit schedules, complaint management procedures, and corrective action tracking.

The OCC’s Comptroller’s Handbook on the Servicemembers Civil Relief Act (March 2021) lays out the full examination framework. If you haven’t read it, read it before the exam.

The Documentation Examiners Will Request

Every examination starts with a document request list. For SCRA, expect to produce:

Policies and governance

• Written SCRA compliance policies and procedures
• Board minutes showing SCRA is discussed and oversight is documented
• Compliance committee minutes covering SCRA
• Compliance officer designation with SCRA responsibilities defined
• Training materials and attendance records. who was trained, when, on what

Operations and controls

• SCRA-specific monitoring and audit reports from the review period
• Military status verification procedures. how, when, and by whom
• DMDC verification logs with certificates and timestamps
• Rate cap application procedures and records
• Adverse action hold procedures (repossession, foreclosure, eviction, default judgment)
• Servicemember complaint log and resolution records

Transaction samples

• Originated loans where borrower was identified as active duty
• Denied SCRA rate cap requests with denial rationale
• Foreclosure and repossession actions taken during the review period
• Default judgments entered during the review period
• SCRA-related customer complaints and resolutions

If you can’t produce clean documentation for any of these, that’s a finding.

The Five Areas Where Institutions Fail

Based on published enforcement actions and consent orders, the same problems show up repeatedly:

1. Proactive identification failures. The December 2024 DOJ-CFPB joint letter made this explicit: institutions must proactively identify servicemember accounts, not wait for borrowers to request protections. The CFPB found that fewer than 10% of eligible auto loans received the required interest rate reduction. That’s not a few missed accounts. it’s a systemic identification failure.

Examiners will ask: how do you identify servicemembers in your portfolio? If the answer is “we wait for them to tell us,” that’s a finding.

2. Rate cap calculation errors. The 6% cap under Section 3937 applies retroactively to the date of active-duty entry, not the date of the servicemember’s request. Forgiven interest is exactly that. forgiven, not deferred. Examiners test whether the retroactive calculation was done correctly and whether the interest forgiveness was properly applied.

Common errors: applying the cap from the request date instead of the activation date. Deferring excess interest instead of forgiving it. Failing to recalculate minimum payments. Missing the rate cap on one product (like a credit card) while applying it to another (like a mortgage) for the same servicemember.

3. Adverse action gaps. Court orders are required before repossessing property, foreclosing on a mortgage, or evicting a servicemember during active duty. “We didn’t know they were active duty” is not a defense. that’s why verification is required before every adverse action.

Santander paid $9.35 million for 1,112 illegal vehicle repossessions. PRG Real Estate paid $1.59 million for 152 false military status affidavits. In both cases, the institutions had policies. The execution failed. The pattern of escalating enforcement shows no sign of slowing.

4. Incomplete audit trails. Examiners want to see the full chain: when was military status verified, what was the result, what action was taken, who approved it, and when. If any link in that chain is missing, the institution can’t demonstrate compliance even if it was actually compliant.

A DMDC check without a saved certificate is unverifiable. A rate cap application without a timestamp is undocumented. An adverse action hold without an approval record is uncontrolled. A complete audit trail must link every verification to the decision it informed.

5. State law blind spots. Federal SCRA sets the floor, but 15+ states have additional military protections. shorter notice periods, lower deployment thresholds, enhanced National Guard coverage, stronger penalties. California extends post-discharge eviction protection to 120 days (vs. 90 federal). Florida’s deployment threshold is 60 days (vs. 90 federal). North Carolina’s protections are non-waivable.

If your institution operates in multiple states, examiners may test whether you’re tracking state-specific requirements, not just federal ones.

A Practical Exam Preparation Checklist

90 days before your expected examination window:

• Pull and review your written SCRA policies. Compare line-by-line against OCC Comptroller’s Handbook examination procedures. Close any gaps.
• Run your own transaction testing. Sample loan files with active-duty borrowers and verify that rate caps, adverse action holds, and verifications were executed correctly.
• Verify your DMDC logs are complete. Every military status check should have a saved verification certificate with date, result, and the requestor.
• Audit your rate cap calculations. Pull a sample of accounts where the 6% cap was applied and verify the retroactive date and forgiveness calculation are correct.
• Check your adverse action records. For every repossession, foreclosure, and eviction during the review period, confirm that military status was verified and a court order was obtained where required.
• Review complaint records. Pull all servicemember-related complaints and verify they were resolved, documented, and escalated appropriately.
• Confirm training records are current. Examiners want to see who was trained on SCRA, when, and that training is repeated periodically.
• Verify board-level oversight documentation. Board and committee minutes should show SCRA compliance is discussed, with findings and remediation tracked.

30 days before:

• Prepare the document package. Organize everything the examiner will request into a clean, accessible format. Don’t make them dig.
• Brief your compliance team. Everyone who will interact with examiners should know the SCRA policies, recent changes, and where documentation lives.
• Identify any known gaps. If you find issues during self-testing, document them as known items with remediation plans. Examiners view self-identified issues more favorably than surprises they discover.
• Review multi-state exposure. If you operate across state lines, confirm that state-specific military protections are tracked and applied.

What a Clean Exam Looks Like

Institutions that pass SCRA exams without findings share a few characteristics:

They verify military status proactively. screening their portfolio against DMDC on a regular schedule, not just when a servicemember calls.

They keep complete records. Every verification has a certificate. Every rate cap application has a calculation worksheet. Every adverse action has an approval chain.

They catch their own errors. Self-testing programs that sample transactions, identify gaps, and remediate before examiners arrive demonstrate that the compliance management system is working.

They track state-specific requirements. A national property manager, multi-state lender, or credit union that can show state-by-state compliance tracking gets fewer follow-up questions.

And they don’t treat SCRA as a manual process. At scale, manual verification and spreadsheet tracking create the exact gaps examiners are trained to find. The institutions with the cleanest exams have automated the verification, monitoring, and documentation workflows so compliance doesn’t depend on individual staff members remembering to check.

About civrel.io

civrel.io automates the SCRA compliance workflows that examiners test: military status verification against DMDC, continuous portfolio monitoring, rate cap identification, adverse action safeguards, and audit-ready documentation with 7-year retention. Every verification produces a DMDC certificate stored with a complete audit trail. Every compliance action. eligibility determinations, rate adjustments, adverse action checks. is logged with user, timestamp, and statutory citation.

If your compliance process depends on manual DMDC lookups and spreadsheet tracking, an exam will find the gaps. civrel.io closes them.

---

Capital One paid $12 million for failing to cap interest rates on military loans. If a servicemember submitted a rate cap request tomorrow, would your team know exactly what to do?

Check Your Exposure → · See Pricing →

Related Reading

• SCRA Compliance Audit Guide
• SCRA Compliance Checklist for Lenders
• The True Cost of Manual SCRA Compliance

Sources: OCC Comptroller’s Handbook: Servicemembers Civil Relief Act (March 2021); CFPB Supervision and Examination Manual; DOJ-CFPB Joint Letter, December 2024; DOJ Servicemembers & Veterans Initiative; 50 U.S.C. Chapter 50 (Servicemembers Civil Relief Act)