The Auto Lending Market Is Under Pressure — and Compliance Is Where It Shows
The numbers are stark. Outstanding auto loan debt reached $1.67 trillion across 108 million open accounts at the end of 2025. Ninety-day-or-more delinquencies hit 5.60% in Q1 2026 — the highest level since the pandemic peak, up from 4.41% just two years prior. Nearly 29% of auto finance customers are now categorized as financially vulnerable. And the regulatory environment has fractured: federal enforcement has narrowed, state attorneys general have expanded into the gap, and private litigation is filling the space in between.
Auto lending compliance in mid-2026 is not a single problem. It is five overlapping challenges that each require operational responses — in underwriting, collections, credit reporting, regulatory monitoring, and counterparty oversight. The institutions that navigate this environment most effectively are not those with the most legal resources. They are the ones whose compliance workflows are embedded in the same system they use to manage their loan portfolios — so that consistent execution is the default, not the exception.
For auto lenders operating on Salesforce, loan management software that unifies credit decisioning, compliance documentation, and collections workflow in a single native environment is not a future-state aspiration. It is the operational infrastructure the current environment demands. Lenders evaluating whether their current platform is built for this moment can start with a compliance discussion.
Issue 1: Rising Delinquencies Demand Underwriting Precision and Portfolio Segmentation
The sustained rise in auto loan delinquencies is the most operationally urgent issue facing auto lenders in mid-2026. According to the Federal Reserve Bank of New York's Household Debt and Credit data, 90-day-or-more delinquencies reached 5.60% in Q1 2026, up from 5.21% the prior quarter and far above the long-term average of 3.59%. The climb has been consistent across multiple consecutive quarters, rising from 4.41% in Q1 2024 to current levels.
The delinquency problem is not uniform. Performance diverges sharply by credit tier, vehicle type, and loan vintage:
| Segment Variable | Performance Pattern | Compliance Implication |
| Used-vehicle vs. new-vehicle | Used loans carry higher payment burdens and elevated default risk | Advance rate and LTV controls need tier-specific calibration |
| 2024–2025 vintages | Elevated early delinquency vs. pre-pandemic benchmarks | Underwriting criteria from these cohorts warrants review and documentation |
| Subprime vs. prime | Diverging performance at magnitude; BHPH subprime 2.65× higher delinquency rate | Risk pricing and loss mitigation documentation must be tier-differentiated |
| Financially vulnerable borrowers | 29% of auto finance customers per J.D. Power | Hardship accommodation processes must be documented and consistently applied |
Lenders are responding during underwriting by reducing maximum advance rates, tightening payment-to-income thresholds, shortening allowable loan terms for higher-risk segments, and pricing more aggressively for high loan-to-value deals. Each of these responses is operationally sound — but each also creates a compliance obligation. Tightening criteria must be applied consistently across all applicants to avoid disparate-impact exposure under ECOA and Regulation B. Changes to pricing parameters must be documented so that adverse action notices accurately reflect the criteria applied.
So what does this mean for your institution? Rising delinquencies are a credit risk problem that becomes a compliance problem the moment your response to them is applied inconsistently. Underwriting tightening that is documented, consistently applied through configured decisioning rules, and auditable at the individual application level is defensible. Underwriting tightening that lives in underwriter judgment, team briefings, or email threads is not.
Issue 2: State Enforcement Has Filled the Federal Gap
The regulatory environment for auto lending in mid-2026 is best understood not as one unified framework but as a patchwork of state-level obligations operating alongside a narrowed — but not absent — federal posture. The CFPB has significantly reduced its enforcement activity, as documented in its May 28, 2026 enforcement framework updates. State attorneys general have moved decisively to fill that space.
Active enforcement cases involving Maryland, Illinois, Massachusetts, Colorado, and New York are targeting auto lending practices across underwriting, aftermarket products, and fee transparency. The compliance implications are immediate:
New York — FAIR Business Practices Act
New York's Fostering Affordability and Integrity through Reasonable (FAIR) Business Practices Act authorizes the attorney general and private consumers to take action against corporations for unfair, deceptive, and abusive practices — including "junk fees" and the steering of borrowers into higher-cost loan products. Auto lenders with New York borrowers must review their fee disclosure practices and indirect lending product offerings against this standard specifically.
California — CARS Act (effective October 2026)
California introduced CARS Act legislation taking effect in October 2026, implementing consumer protection provisions closely modeled on the vacated FTC CARS Rule. Auto lenders, dealers, and finance companies with California-based operations have a hard compliance deadline: fee disclosure, advertising accuracy, and financing terms must meet California CARS Act standards by October.
Alaska — Dealer Fee Settlements
Alaska has pursued settlements against dealerships that charged fees not included in advertised vehicle prices — a pattern regulators across multiple states are now treating as a coordinated enforcement priority, not an isolated issue.
The practical consequence for lenders is a dual compliance obligation: Federal regulatory standards remain in place — FCRA, ECOA, FDCPA, SCRA — and must be met regardless of federal enforcement posture. State-level consumer protection requirements are now being independently enforced, and they vary by state. A compliance program built around the assumption that reduced CFPB activity means reduced overall regulatory risk is misreading the environment entirely.
Consumer protection obligations that lenders unknowingly trigger extend well beyond the federal framework, and auto lenders with multi-state portfolios are now managing obligations that require jurisdiction-level monitoring as an operational function.
So what does this mean for your institution? State enforcement is not a background risk for auto lenders — it is an active, named enforcement environment with real cases proceeding now in five states. Lenders whose compliance monitoring is configured only for federal obligations are exposed. Multi-state portfolio management requires compliance infrastructure that can track and flag state-specific requirements by borrower location, not just federal thresholds by product type.
Issue 3: FCRA Furnishing and Collections Credit Reporting Under Heightened Scrutiny
With auto loan delinquencies at record levels, the volume and complexity of credit reporting events has increased proportionally. CFPB supervisory highlights from late 2025 specifically identified auto servicing and credit reporting as areas of heightened examiner attention — and the CFPB's updated May 2026 enforcement priorities explicitly name FCRA and Regulation V data furnishing violations among its active focus areas.
The specific FCRA compliance vulnerabilities that supervisory materials and private litigation have highlighted in the auto lending context:
Furnishing accuracy during payment plan modifications. When a borrower enters a hardship payment plan, forbearance arrangement, or other modification, the timing and accuracy of credit bureau updates is a documented compliance risk area. If the payment plan changes the contractual terms, the account status reported to the bureaus must reflect the modified terms accurately and promptly. Late or inaccurate updates during modification periods have generated both supervisory findings and private litigation.
Dispute handling failures. Recent private litigation in the auto finance space has cited failures to flag active disputes to credit bureaus, inaccurate delinquency dates reported during the dispute period, and failure to complete investigations within the 30-day FCRA window. Each of these is independently actionable under 15 U.S.C. § 1681s-2.
Unauthorized credit pulls post-sale. Supervisory findings and private litigation have flagged instances of dealers pulling consumer credit reports after the vehicle sale has closed, without a permissible purpose under 15 U.S.C. § 1681b. For lenders with indirect auto origination programs, monitoring the credit pull practices of their dealer network is an operational responsibility, not solely the dealer's.
Date of First Delinquency accuracy. The DOFD determines the seven-year reporting clock under FCRA § 1681c. In auto lending, where delinquency timelines can involve multiple payment arrangements before charge-off, DOFD accuracy requires documented tracking from the first missed payment through to final disposition — not a field populated at charge-off based on the date of that event.
The FCRA compliance checklist for auto lending furnishers covers these obligations in detail. In the auto lending context, the combination of high delinquency volume, active collections, and frequent payment plan modifications makes furnishing accuracy both the most operationally complex and the most examiner-scrutinized area of the current regulatory environment.
So what does this mean for your institution? FCRA furnishing accuracy in auto lending is not a static compliance checkbox. It is a continuous operational function that requires your loan management system to track account status changes, modification events, dispute flags, and DOFD data accurately across the full delinquency lifecycle — and to transmit those updates to the credit bureaus on a timeline that satisfies both the statute and examiner expectations.
Issue 4: Buy Here, Pay Here Counterparty Risk — What Traditional Lenders Must Know
The Buy Here, Pay Here (BHPH) segment has come under intense regulatory and financial scrutiny in 2026, and the implications extend well beyond BHPH operators themselves. For traditional lenders — banks, credit unions, and non-bank finance companies with credit line, securitization, or participation exposure to BHPH dealers — the risk profile of this segment has materially changed.
Federal Reserve research published in May 2026 quantifies the scale of the divergence:
- BHPH delinquency rates are approximately 2.65 times higher than traditional auto lenders
- BHPH default rates are approximately 1.88 times higher
- BHPH portfolios are 16.63 times more likely to be in active repossession status
- In Q3 2025, approximately 5% of BHPH balances were in active repossession, versus less than 0.5% for traditional lenders
- BHPH loan balances have increased more than 200% since 2018
The collapse of Tricolor Holdings — a major BHPH operator that declared bankruptcy in September 2025 amid fraud allegations — demonstrated the contagion risk embedded in this exposure. Two major banks sustained losses of approximately $200 million each through credit line exposure to Tricolor. The Tricolor episode was not an anomaly in the abstract statistical sense. It was the realization of precisely the counterparty risk that the Fed's May 2026 data quantifies.
The congressional response has followed. In February 2026, Senator Elizabeth Warren launched a formal probe into the auto lending and repossession industries, sending inquiry letters to major auto lenders, the National Independent Automobile Dealers Association, and major BHPH servicers including CarHop, Byrider, and America's Car Mart.
For lenders with BHPH exposure, the operational implications are specific:
- Counterparty due diligence must now include BHPH-specific risk indicators: repossession rate, DOFD accuracy in furnished data, borrower payment frequency structure, and geographic concentration in states with relaxed repossession regulations
- Credit line structural protections — over-collateralization, loan guarantees, SPE structures — provide important buffers but did not fully protect the Tricolor creditors; stress-testing those protections against a Tricolor-scale failure scenario is prudent
- Portfolio monitoring must include real-time visibility into BHPH operator performance, not only periodic reviews of aggregate credit line utilization
- Securitization investment diligence must account for the Fed's documented performance divergence between BHPH and traditional auto loan collateral
So what does this mean for your institution? Banks and credit unions with BHPH credit line exposure are not passive observers of the BHPH sector's current stress — they are counterparties to it. The combination of Fed research, congressional probes, and a demonstrated $400 million combined bank loss from a single operator failure is a clear signal that BHPH counterparty risk requires active reassessment, not monitoring as usual.
Issue 5: Servicemember Protections and Collections Documentation
Servicemember lending is a named CFPB enforcement priority in 2026 — and one that auto lenders cannot manage as an afterthought. The CFPB's January 2025 Servicemember Financial Protection Report found that servicemembers typically borrow more, put less money down, and receive auto loans with higher APRs and longer terms than civilian borrowers. That finding reflects both the financial realities of military life and the heightened scrutiny that follows SCRA-covered accounts through their entire loan lifecycle.
What SCRA compliance requires for auto lenders:
The Servicemembers Civil Relief Act (50 U.S.C. §§ 3901 et seq.) creates specific obligations for auto lenders that apply from origination through repossession:
| SCRA Requirement | Auto Lending Application | Common Failure Mode |
| Interest rate cap (6% during active duty) | Applies to pre-service auto loans; lender must apply cap upon written notice and military orders | Failure to reduce rate or retroactively refund excess interest after receiving valid SCRA request |
| Repossession restriction | No repossession without court order during active duty period if borrower has made any payment under the contract | Initiating repossession on SCRA-covered accounts without judicial review |
| Lease termination rights | Servicemembers may terminate auto leases upon deployment orders or PCS orders meeting statutory criteria | Failing to process valid SCRA lease terminations promptly and without penalty |
| Accounts must be flagged | SCRA status must be identifiable in the loan management system before any adverse action | No mechanism to identify SCRA-covered accounts; relying on borrower to raise status each time |
Beyond the SCRA, the CFPB's May 2026 supervision priorities maintain servicemembers as a named protected population. Supervisory attention in this area focuses on whether lenders have documented processes for identifying military status at account opening, tracking SCRA status changes during the loan term, and applying the required protections consistently without requiring servicemembers to repeatedly prove their status.
With auto loan delinquencies elevated, the intersection of SCRA protections and collections activity is a specific risk area. A servicemember on deployment who misses a payment is entitled to SCRA protections that may prohibit the repossession action your collections team would otherwise initiate. If your loan management system cannot flag SCRA-covered accounts before collections actions are triggered, that protection cannot be consistently applied.
So what does this mean for your institution? SCRA compliance in auto lending is not a separate compliance program — it is a configuration requirement in your loan management platform. The system that tracks delinquency, triggers collections workflows, and initiates repossession procedures must be capable of identifying SCRA-covered accounts and applying the appropriate holds and rate modifications automatically, before a collections action reaches an affected borrower.
What Auto Lenders Should Do Before Year-End
The five issues described in this post — delinquency management, state enforcement navigation, FCRA furnishing accuracy, BHPH counterparty risk, and SCRA collections compliance — are not independent problems. They share a common operational requirement: loan management infrastructure that can track credit events, document compliance actions, and produce an auditable record consistently, at the account level, across the full portfolio.
A practical mid-year checklist for auto lending compliance:
So what does this mean for your institution? Each item on this checklist is actionable before year-end. Each one also has a common infrastructure dependency: a loan management system that makes compliance documentation the natural output of the operational workflow — not a separate project that runs in parallel with it.
Why LASER for Auto Lending Compliance
The five compliance priorities facing auto lenders in mid-2026 share a common infrastructure requirement: the lender's loan management system must be able to track credit events, apply consistent decisioning rules, document compliance actions, and produce an auditable record — all within the same operational workflow, not assembled from exports across disconnected systems.
Salesforce-native credit access, built-in compliance, and decisioning — unified in a single app, ready from day one.
LASER Credit Access is built natively inside Salesforce, connecting auto lenders to Equifax, Experian, and TransUnion for credit bureau access, configurable credit decisioning logic through the DECIDE pillar, and built-in compliance workflow documentation through the COMPLY pillar. For auto lenders managing delinquency documentation, FCRA furnishing accuracy, payment plan modification tracking, and SCRA servicemember account flagging, LASER's native Salesforce architecture means that every compliance event is logged within the same loan record — not in a parallel system that must be reconciled manually before an examiner visit.
For auto lenders, that means built-in compliance tools for lenders on Salesforce and automated, rules-based decisioning for auto lenders inside Salesforce operate inside the same loan record your team already works in.
Why credit reporting accuracy is a legal obligation for every lender is especially relevant for auto lenders managing high delinquency volumes: the furnishing accuracy standard does not relax because collections activity is elevated. If anything, the volume of credit events during a delinquency spike — modification flags, dispute holds, DOFD updates, repossession reporting — makes the case for embedded compliance documentation more urgent, not less.
Ready to Build Auto Lending Compliance Into Your Salesforce Loan Management Workflow?
The compliance pressures facing auto lenders in mid-2026 are operational as much as they are legal. Rising delinquencies, state enforcement expansion, FCRA furnishing scrutiny, BHPH counterparty risk, and SCRA collections compliance all converge on the same infrastructure question: can your loan management platform produce the documentation, consistency, and audit trail that regulators now treat as evidence of institutional control?
LASER Credit Access delivers Salesforce-native credit access, built-in compliance workflows, and decisioning tools that work together inside the platform your team already uses to manage auto loan origination and servicing. If your institution is navigating any of these five compliance priorities and needs to close gaps before year-end, a compliance discussion is the right starting point.
→ Schedule a Compliance Discussion