Built for the regulatory environment lenders actually operate in.
Federal compliance rules enforced at the engine level. State-specific caps applied automatically. Adverse action codes ready for your FCRA-compliant notice flow.
Regulatory frameworks
The compliance posture, in plain terms.
TILA / Reg Z
Truth in Lending
Every approved decision returns a TILA-compliant disclosure block: amount financed, finance charge, total of payments, and APR. Ready to present to consumers at the disclosure moment in your flow.
ECOA / Reg B
Equal Credit Opportunity
Declined and referred decisions return FCRA-compliant adverse action codes mapped to the standard ECOA taxonomy. Protected-class attributes are strictly excluded from scoring.
FCRA
Fair Credit Reporting
AltFiScore reports are not consumer credit reports under FCRA. Adverse action codes are returned in formats compatible with FCRA-compliant notice generation. Disputes flow through your existing process.
GLBA / Safeguards
Gramm-Leach-Bliley
Where AltFiScore acts as a service provider to a financial institution, we handle nonpublic personal information in accordance with the Safeguards Rule (16 CFR Part 314).
MLA
Military Lending Act
Active-duty service members and dependents are automatically detected and protected. 36% APR cap enforced; covered borrower disclosures generated.
State usury
State APR ceilings
Per-state usury caps and finance-charge limits enforced automatically based on consumer residence. No silent over-the-cap approvals.
Product-specific compliance
Different products. Different rules. Built in.
Every lending product has its own regulatory layer. AltFiScore handles the product-specific rules so your underwriting team doesn't have to re-implement them per product.
| Product | Standards enforced |
|---|---|
BNPL | Reg ZReg EMLAState usury |
Auto loans | Reg ZFederal LTV (130% direct / 110% indirect)MLAState licensing |
Mortgage | ATR / QM (43% DTI cap)TRIDRESPAHMDAFHA min 580 |
Personal loans | Reg ZReg BMLAState usury |
Credit cards | CARD ActReg Z (Schumer Box)MLAPenalty APR cap |
Shared responsibility
What we do. What you do.
AltFiScore handles
- Decisioning math and federal compliance enforcement
- Adverse action code generation with FCRA-compliant taxonomy
- TILA disclosure generation
- PII redaction in our logs
- Tenant isolation and SOC 2 audit posture
- Audit trails sufficient for regulatory examination
You handle
- State licensing for each jurisdiction you originate credit in
- Delivery of adverse action notices to consumers
- Presenting TILA disclosures to consumers at the right moment
- BSA/AML SAR/CTR filings
- Final lending decisions (AltFiScore is infrastructure, not the lender)
- Your own privacy policy disclosing AltFiScore in your stack
Certifications
Audited. Documented. Available under NDA.
SOC 2 Type II
Annual independent audit covering security, availability, and confidentiality controls.
GLBA Safeguards
Program covered as required for financial-services data processors handling NPI.
CCPA / CPRA
California consumer privacy rights honored. Verifiable request intake at legal@altfiscore.com.
GDPR / UK GDPR
Tri-jurisdiction data protection. Standard Contractual Clauses for international transfers.
SOC 2 Type II audit report and security questionnaire responses are available to qualified prospects under a mutual NDA.
Request the audit reportTalk to our compliance team.
Risk officers and compliance teams welcome — we will walk through the audit posture for your specific use case.