Many SMB and commercial lenders operate under dangerous misconceptions about their regulatory obligations. The most critical error is assuming that because they focus on commercial lending, fair lending and consumer protection laws don't apply to their operations.
The reality is more complex. When lenders require personal guarantors—which most SMB lenders do—consumer protection regulations like ECOA and FCRA become applicable to those individual guarantors. This means lenders must provide adverse action notices to guarantors and comply with credit reporting requirements, even when the underlying loan is for business purposes.
Other common misconceptions include believing that non-bank lenders are exempt from AML programs, that OFAC screening is only for international transactions, and that using a bank partner transfers all compliance responsibility. Regulatory agencies are increasingly looking through partnership structures to hold the actual decision-makers and servicers accountable.
For Salesforce partners building lending solutions, understanding these regulatory requirements is essential. System architecture must accommodate both business entities and individual guarantors, with separate workflows and compliance triggers for each. The challenge is building neither too much nor too little—overbuilding creates unnecessary costs while underbuilding creates significant regulatory risk.