← Blog | Compliance & Risk

How to Conduct a Retroactive SCRA Portfolio Audit Before the DOJ Does

March 4, 2026 · civrel.io
Share

Nearly every major SCRA consent decree issued by the DOJ has required the same thing: a retroactive portfolio audit. The company must go back through years of records, identify every servicemember who should have been protected, and calculate what they are owed.

The companies that do this proactively, before the DOJ demands it, control the timeline, the methodology, and the cost. The companies that wait pay more, take longer, and do it under a consent decree with a DOJ monitor looking over their shoulder.

This guide covers what a retroactive SCRA portfolio audit looks like, what the DOJ has required in past consent decrees, and how to run one yourself.

Why Retroactive Audits Matter

The DOJ does not just look at your current compliance. It looks backward. When an investigation uncovers SCRA violations, the question is always: how far back do these go, and how many servicemembers were affected?

The answer determines the size of the settlement, the scope of remediation, and whether the DOJ pursues a consent decree with multi-year monitoring.

Running a proactive retroactive audit before enforcement action accomplishes three things:

  1. You find and fix violations before they become enforcement actions. If the DOJ comes calling, you can show you already identified the problem, remediated affected servicemembers, and changed your processes.

  2. You control the scope and methodology. Under a consent decree, the DOJ defines the lookback period, what gets audited, and who reviews the work (typically an independent consultant you pay for). Proactively, you make those decisions.

  3. You reduce financial exposure. Remediating a servicemember you identify yourself costs the amount owed plus interest. Remediating the same servicemember under a consent decree costs the amount owed plus a civil penalty per violation ($79,380 first offense, $158,761 subsequent), plus the cost of the independent consultant, plus years of monitoring.

What the DOJ Has Required: Lookback Periods by Case

Every major SCRA consent decree has included a mandatory retroactive audit. Here is what the DOJ has required:

Property Management

Greystar (June 2025): $1.4 million

  • Lookback: Lease terminations dating back to 2018 (~7 years)
  • Scope: Early termination fees charged to servicemembers who terminated leases after receiving military relocation orders
  • Finding: Property management software (Yardi, RealPage, Entrata) automatically applied termination fees without flagging protected servicemembers
  • Requirement: Independent consultant must audit all lease terminations during the lookback period and identify every servicemember who was charged improperly

Auto Lending

CarMax (February 2026): nearly $500,000

  • Lookback: March 1, 2018 through October 24, 2023 (~5.5 years)
  • Scope: Vehicle repossessions conducted without court orders against active-duty servicemembers
  • Finding: At least 28 vehicles illegally repossessed, including vehicles belonging to reservists called to active duty
  • Requirement: 4-year monitoring period with ongoing compliance verification

Santander Consumer USA (February 2015): $9.35 million

  • Lookback: January 2008 through February 2013 (~5 years), plus forward-looking review of any repossession after February 2013
  • Scope: 760 direct repossessions without court orders, plus 352 inherited repossessions from acquired loan portfolios
  • Finding: 1,112 servicemembers affected across both direct and inherited repossessions
  • Requirement: $10,000 plus lost equity for each direct repossession, $5,000 for each inherited repossession, credit repair for all affected servicemembers, DMDC verification before all future repossessions

Westlake Financial (2022, second action): $225,000+

  • Lookback: September 2017 through February 2022 (~4.5 years)
  • Scope: Failure to apply the 6% interest rate cap retroactively to the date military orders were issued
  • Finding: 250 servicemembers affected. Westlake was already under a consent order from 2017, and the DOJ caught the violations during monitoring
  • Key lesson: The DOJ monitors compliance after consent decrees and will pursue additional enforcement if violations continue

Mortgage Servicing

National Mortgage Settlement: JPMorgan Chase, Wells Fargo, Citigroup, Ally Financial, Bank of America (2012), $123 million to 952 servicemembers (SCRA portion)

  • Lookback: January 1, 2006 through April 4, 2012 (~6 years)
  • Scope: Wrongful non-judicial foreclosures on active-duty servicemembers without court orders
  • Finding: 952 servicemembers and co-borrowers received compensation. JPMorgan Chase offered affected servicemembers either their home free and clear of debt or the full cash value at the time of sale.
  • Context: The SCRA component was embedded in the broader $25 billion national mortgage settlement. The SCRA-specific payouts totaled over $123 million.

Capital One (2012): approximately $12 million

  • Lookback: Accounts dating back to July 15, 2006 (~6 years)
  • Scope: Wrongful foreclosures, improper repossessions, wrongful court judgments, and improper denials of the 6% interest rate cap across credit cards, car loans, and other accounts
  • Multi-product audit: One of the few cases requiring a cross-product review (mortgage, auto, credit card)

The Pattern

Across every case, the DOJ lookback period follows a consistent pattern:

  • 5-7 years is the standard lookback window
  • The lookback starts from the date violations began or from the earliest period for which records exist, whichever is shorter
  • The DOJ defines the scope broadly. It is not limited to the specific violations that triggered the investigation. If the DOJ finds repossession violations, it may also require an audit of rate cap compliance, default judgment filings, and other SCRA obligations
  • Inherited portfolios are included. If you acquired loans or leases from another company, the servicemembers in those portfolios are your responsibility (as Santander discovered)

How to Run a Proactive Retroactive Audit

Step 1: Define the Scope

Determine the lookback period and what to audit based on your vertical:

Property managers:

  • Lease terminations and early termination fees
  • Eviction filings and default judgments
  • Security deposit deductions
  • Late fees and penalty charges applied to military tenants

Auto lenders:

  • Repossessions (the highest-risk category)
  • 6% interest rate cap application on all eligible loans
  • Default judgment filings
  • Late fees and penalty charges

Banks and mortgage servicers:

  • Foreclosures (judicial and non-judicial)
  • Interest rate cap application across all covered products
  • Default judgments
  • Negative credit reporting

For all verticals:

  • Go back at least 5 years, or to the earliest period for which you have records
  • Include all product lines, not just the one you think has the most risk

Step 2: Gather Records

Pull records for every adverse action taken during the lookback period:

  • Evictions filed, repossessions executed, foreclosures initiated
  • Interest rates charged on all active accounts
  • Default judgments obtained
  • Fees assessed (termination, late, penalty)
  • Any communication with borrowers or tenants about military status

This is typically the most time-consuming step. Records may be spread across multiple systems: your LOS, servicing platform, property management software, collections systems, and legal case management tools.

Step 3: Batch Verify Military Status

For every individual who was subject to an adverse action during the lookback period, verify their military status at the time the action was taken.

This requires checking against the DMDC (Defense Manpower Data Center) database. For a retroactive audit, you need historical verification: was this person on active duty on the specific date the action occurred?

For portfolios of any meaningful size, this must be done in batch. Manual one-at-a-time lookups are not feasible for a lookback spanning years and thousands of accounts.

Step 4: Identify Violations

Cross-reference the adverse action records with the military status verification results. Flag every case where:

  • An adverse action was taken against a servicemember without a court order
  • The 6% interest rate cap was not applied to an eligible loan
  • A protected servicemember was charged fees that should have been waived
  • A default judgment was obtained without a proper military status affidavit

Step 5: Calculate Remediation

For each identified violation, calculate what the servicemember is owed:

  • Fees that should not have been charged (refund plus interest)
  • Excess interest collected above the 6% cap (refund plus interest)
  • Lost equity from repossessed vehicles or foreclosed properties
  • Credit repair costs if negative reporting occurred

Step 6: Document Everything

Create a complete audit trail:

  • The methodology used to identify the lookback population
  • Every DMDC verification result
  • The criteria used to identify violations
  • The remediation calculation for each affected servicemember
  • The date and method of remediation (refund, credit, outreach)

This documentation serves two purposes: it proves you took the audit seriously if the DOJ later investigates, and it provides the foundation for changing your processes going forward.

What Proactive Audits Cost vs. DOJ-Mandated Audits

A proactive audit costs the time and resources to run the review, plus the remediation owed to affected servicemembers. You choose the consultant (or do it internally), you set the timeline, and you control the process.

A DOJ-mandated audit under a consent decree costs all of that plus:

  • Civil penalties: $79,380 per first violation, $158,761 per subsequent violation
  • An independent consultant selected with DOJ approval (typically $200-500/hour)
  • 4-5 years of monitoring with annual compliance reports
  • Ongoing DOJ oversight of your processes, training, and systems
  • Legal fees for the enforcement action itself

The Westlake case illustrates the risk of doing it wrong: even after a consent decree, the DOJ caught additional violations during monitoring and imposed a second settlement. A proactive audit done thoroughly the first time avoids that cycle entirely.

Santander repossessed 760 military vehicles illegally. The settlement: $9.35 million. What does your pre-repo verification process look like?

Check Your Exposure → · See Pricing →

Sources: DOJ Servicemembers and Veterans Initiative enforcement actions (2012-2026); CFPB Supervisory Highlights (2023-2025); DOJ press releases for Greystar (June 2025), CarMax (February 2026), Santander (February 2015), National Mortgage Settlement (February 2012), Capital One (2012), Westlake Financial (2022). All enforcement figures verified against DOJ primary sources.

Related training

See these topics covered in depth in our free SCRA training videos. Watch now →

Ready to automate your SCRA compliance?

See how civrel.io replaces manual processes with continuous, automated monitoring.

Check Your Exposure Free Training Library