- Why Lending Compliance Is the Heart of Credit Union Risk
- Domain 3: Lending Compliance - What the CCO Exam Actually Tests
- The Core Regulations Every CCO Candidate Must Know Cold
- ECOA, Fair Lending, and the Disparate Impact Problem
- HMDA Reporting Obligations for Credit Unions
- TILA and RESPA: Disclosure Rules That Trip Up Candidates
- MLA and SCRA: Protections for Military Borrowers
- How Lending Compliance Intersects with Other CCO Exam Domains
- Scheduling Lending Compliance Into Your CCO Prep
- Frequently Asked Questions
- Domain 3 (Lending Compliance) is one of four CCO exam domains and demands mastery of specific federal statutes, not just general principles.
- ECOA, TILA, HMDA, RESPA, MLA, and SCRA are individually testable topics - each with precise rules, timelines, and thresholds.
- Fair lending violations can arise from facially neutral policies; the CCO exam tests both disparate treatment and disparate impact scenarios.
- Lending compliance questions on the CCO exam are scenario-based, requiring you to apply rules to real credit union fact patterns.
Why Lending Compliance Is the Heart of Credit Union Risk
For most credit unions, lending is the primary business activity. It is also where the densest concentration of federal regulatory requirements lives. A single loan file can implicate more than half a dozen statutes - each with its own disclosure deadlines, adverse action requirements, data collection obligations, and enforcement consequences. When those requirements are mishandled, the consequences range from regulatory findings and member harm to civil money penalties and reputational damage.
That is precisely why the Credit Union Compliance Officer (CCO) certification dedicates an entire exam domain to lending compliance. The CCO credential signals to credit unions, regulators, and members that the compliance professional holding it has done more than read a summary of the rules - they can recognize a violation in a real scenario, articulate the correct requirement, and understand why the rule exists.
This article unpacks what the CCO exam tests in the lending compliance domain, walks through the specific regulations candidates must master, and explains how lending compliance connects to the broader CCO exam framework. If you are preparing to sit for the exam, this is the subject matter you cannot afford to study superficially.
Domain 3: Lending Compliance - What the CCO Exam Actually Tests
Domain 3: Lending Compliance
This domain tests a candidate's ability to identify applicable lending regulations, apply disclosure and timing rules, recognize fair lending violations, and understand the credit union's obligations under consumer protection statutes.
- Equal Credit Opportunity Act (ECOA) and Regulation B
- Home Mortgage Disclosure Act (HMDA) and Regulation C
- Truth in Lending Act (TILA) and Regulation Z
- Real Estate Settlement Procedures Act (RESPA) and Regulation X
- Military Lending Act (MLA) and Servicemembers Civil Relief Act (SCRA)
- Fair Credit Reporting Act (FCRA) in the lending context
- Flood insurance requirements under Regulation H
- Home Equity Lending disclosures
The CCO exam does not ask you to recite statutory text. It presents scenario-based questions that mirror the decisions a working compliance officer makes: reviewing a loan application to determine whether an adverse action notice was timely, assessing whether a credit union's auto loan pricing policy creates fair lending risk, or determining which HMDA data fields apply to a refinance transaction.
This question format rewards candidates who understand the purpose of each rule, not just a surface-level definition. A candidate who memorizes that adverse action notices must be sent within 30 days will still miss questions if they do not understand what triggers the clock, what incomplete applications do to that timeline, and which notice form applies to which transaction type.
You can explore the full structure of all four exam domains - including how Domain 3 is weighted relative to Domain 1 (Credit Union Regulatory Basics), Domain 2 (Deposit and Account Compliance), and Domain 4 (BSA/AML and Operational Compliance) - through the CCO Exam Prep practice test platform, which organizes questions by domain so you can identify gaps in your lending compliance knowledge specifically.
The Core Regulations Every CCO Candidate Must Know Cold
Lending compliance is not a single law - it is a layered stack of overlapping federal statutes, each implemented through a specific regulation and administered by a specific regulator. For credit unions, the primary federal supervisors are NCUA and, for consumer financial protection purposes, the CFPB. Understanding which agency enforces which rule - and what the examination priorities of each agency look like - is itself a testable CCO exam topic.
| Statute | Implementing Regulation | Primary CCO Exam Focus |
|---|---|---|
| Equal Credit Opportunity Act (ECOA) | Regulation B | Adverse action notices, prohibited bases, spousal signature rules |
| Home Mortgage Disclosure Act (HMDA) | Regulation C | Covered transactions, LAR data fields, reporting thresholds |
| Truth in Lending Act (TILA) | Regulation Z | APR calculation, closed-end disclosures, HOEPA triggers, right of rescission |
| Real Estate Settlement Procedures Act (RESPA) | Regulation X | Loan Estimate, Closing Disclosure, escrow rules, kickback prohibitions |
| Military Lending Act (MLA) | 32 C.F.R. Part 232 | MAPR cap, covered borrower identification, mandatory disclosures |
| Servicemembers Civil Relief Act (SCRA) | 50 U.S.C. Chapter 50 | Interest rate caps, foreclosure protections, lease termination rights |
| Fair Credit Reporting Act (FCRA) | Regulation V | Adverse action based on credit report, risk-based pricing notices |
ECOA, Fair Lending, and the Disparate Impact Problem
The Equal Credit Opportunity Act prohibits discrimination in any aspect of a credit transaction on the basis of race, color, religion, national origin, sex, marital status, age, receipt of public assistance income, or the exercise of rights under the Consumer Credit Protection Act. For CCO exam purposes, the critical distinction is between disparate treatment and disparate impact.
Disparate treatment occurs when a credit union treats a member differently because of a protected characteristic - whether intentionally or through a policy that explicitly references a prohibited basis. These cases are relatively straightforward to identify on an exam question.
Disparate impact is more complex and is a frequent focus of CCO exam scenarios. A facially neutral policy - such as a minimum loan amount, a minimum credit score, or a geographic lending restriction - can violate ECOA if it disproportionately excludes members of a protected class and the credit union cannot demonstrate a legitimate business justification that could not be achieved through a less discriminatory alternative.
Candidates should also be comfortable with the content and timing requirements for adverse action notices under Regulation B. The 30-day rule applies after a completed application, but the rules shift when an application is incomplete, when the credit union makes a counteroffer, or when the member withdraws the application. Each variation is a separate exam scenario.
HMDA Reporting Obligations for Credit Unions
The Home Mortgage Disclosure Act requires covered credit unions to collect, record, and report data on mortgage applications and loans. HMDA data is used by regulators and the public to identify fair lending risks and community reinvestment patterns. For the CCO exam, candidates must understand which transactions are covered, which data points must be collected, and how the Loan Application Register (LAR) is structured and submitted.
Key distinctions the exam tests include: the difference between covered and excluded transactions, the threshold rules that determine whether a credit union is a HMDA reporter at all, and the specific data fields that must be captured for purchase loans versus refinances versus home equity lines of credit. A credit union that incorrectly classifies a transaction type or omits a required data field can face material HMDA violations - and the CCO exam will put you in scenarios where you must make exactly that classification call.
Regulatory C was substantially revised in 2018, so candidates must be certain they are studying the current version of the rule and not legacy HMDA requirements that no longer apply.
TILA and RESPA: Disclosure Rules That Trip Up Candidates
Truth in Lending Act Essentials
Regulation Z governs disclosures for both closed-end and open-end credit. For closed-end mortgage loans, the key CCO exam topics include the Annual Percentage Rate (APR) calculation and what fees must be included in the finance charge, the right of rescission for certain refinances (and when it does not apply), HOEPA high-cost mortgage triggers, and the requirements for higher-priced mortgage loans.
Regulation Z also governs credit card accounts (open-end credit), which means CCO candidates need to know the rules applicable to credit unions that issue cards - periodic statement requirements, change-in-terms notices, and ability-to-repay considerations.
RESPA and the Integrated Disclosure Rules
RESPA's most operationally significant requirements for credit unions involve the Loan Estimate and Closing Disclosure - the two documents that replaced the old Good Faith Estimate and HUD-1 Settlement Statement under the TRID rule. The exam tests the precise timing requirements: when the Loan Estimate must be delivered relative to application, what triggers a revised Loan Estimate, and when the Closing Disclosure must be received by the borrower before consummation.
RESPA's Section 8 kickback and fee-splitting prohibitions are also CCO exam topics. Credit unions that engage in any arrangement with settlement service providers - title companies, appraisers, insurance providers - must ensure those arrangements do not cross into prohibited referral fee territory.
Key Takeaway
TRID (the TILA-RESPA Integrated Disclosure rule) merged overlapping disclosure requirements into a single framework, but it also created new complexity around "triggers" and "tolerances." CCO exam questions frequently test whether a changed circumstance justifies a revised Loan Estimate - and which fee categories are subject to zero tolerance versus a 10% tolerance versus unlimited tolerance.
MLA and SCRA: Protections for Military Borrowers
The Military Lending Act and the Servicemembers Civil Relief Act are both tested in Domain 3 and represent a category where credit unions frequently have gaps - because the membership base of many credit unions includes significant numbers of active-duty servicemembers, veterans, and their dependents.
The MLA applies to certain consumer credit products and caps the Military Annual Percentage Rate (MAPR) at 36%, which includes fees that are not part of the Regulation Z APR calculation. The MLA also prohibits certain loan terms (mandatory arbitration clauses, waivers of legal rights) and requires a specific MLA disclosure. Critically, a credit union must identify covered borrowers - active-duty servicemembers and their dependents - using a specific database check or credit report method. The exam tests both who is a covered borrower and what happens if a credit union fails to correctly identify one.
The SCRA provides separate protections: a 6% interest rate cap on pre-service debts, limitations on foreclosure during active duty, and other rights related to lease termination and civil proceedings. CCO exam candidates must understand that the SCRA and MLA have different scopes, different triggers, and different obligations - they are not interchangeable, and conflating them is a common exam mistake.
How Lending Compliance Intersects with Other CCO Exam Domains
One of the features of the CCO exam that distinguishes it from single-subject tests is its expectation that candidates understand how compliance domains interact. A lending scenario can simultaneously implicate Domain 3 (the specific lending regulation) and Domain 4 (BSA/AML obligations). For example, a mortgage loan application from a member with unusual transaction patterns requires the compliance officer to manage ECOA timing requirements while also evaluating SAR filing obligations - two different domains, one member relationship.
Similarly, lending compliance intersects with Domain 2 (Deposit and Account Compliance) when a credit union offers deposit account features tied to loan products, or when a member's account activity affects their loan eligibility. And Domain 1 - the regulatory basics framework - underpins everything, because a candidate who does not understand how NCUA examination authority works or how federal preemption affects state lending laws will misread scenarios in Domain 3.
If you want to see exactly how these cross-domain connections appear in practice exam questions, the CCO Exam Prep practice test platform includes mixed-domain question sets that reflect the integrated nature of the actual exam.
For those still evaluating whether to pursue the credential, reviewing the CCO Exam Eligibility Requirements and Application Steps is a logical first move - understanding the application process, registration mechanics, and eligibility criteria before committing significant study time is simply good planning.
Scheduling Lending Compliance Into Your CCO Prep
Given the volume of material in Domain 3, candidates who attempt to study all four domains in equal weekly blocks tend to underperform on lending compliance. A more effective approach staggers the domains by complexity and overlap.
Domain 1: Regulatory Basics Foundation
- NCUA structure and examination authority
- Federal preemption principles that affect lending rules
- How regulations are issued and amended - context for Regulation Z and C changes
Domain 3: Lending Compliance Deep Dive
- ECOA/Reg B adverse action scenarios - practice with varied application states
- TRID timing and tolerance rules - use a flowchart approach to Loan Estimate triggers
- HMDA transaction classification - work through covered versus excluded transaction examples
- MLA covered borrower identification and MAPR calculation logic
- SCRA protections and pre-service debt treatment
Domains 2 and 4: Deposit and BSA/AML
- Connect BSA filing obligations to lending scenarios from Week 3-5
- Review Regulation DD and account-related lending product disclosures
Full Integration and Practice Testing
- Mixed-domain practice questions emphasizing Domain 3 cross-overs
- Review any HMDA or TRID scenarios answered incorrectly in earlier weeks
- Use the CCO Exam Prep platform for timed, domain-tagged practice sets
The reason Domain 3 occupies the largest study block is straightforward: it contains the highest number of individually testable regulatory requirements, each with its own timing rules, thresholds, and exceptions. Spaced repetition is genuinely useful here - but specifically applied to the adverse action timelines, TRID tolerance buckets, and MLA MAPR component lists that candidates consistently get wrong on first exposure.
For a full breakdown of how the application process and exam structure work before you begin building your study schedule, the article on CCO Exam Eligibility Requirements and Application Steps provides the practical details you need to register and prepare with confidence.
Frequently Asked Questions
Domain 3 is considered demanding by most candidates because it covers more individually distinct regulations than any other domain. Each statute - ECOA, TILA, RESPA, HMDA, MLA, SCRA - has its own rules, timelines, and exceptions. Candidates who study each regulation in isolation, without understanding how they interact in real loan scenarios, tend to struggle most. Scenario-based practice is the most effective preparation method.
The CCO exam focuses primarily on federal lending regulations. However, Domain 1 (Credit Union Regulatory Basics) does address the interplay between federal and state law, including federal preemption principles that affect how state lending laws apply to federally chartered credit unions versus state-chartered credit unions. Candidates should understand that framework without needing to memorize individual state statutes.
HMDA reporting thresholds determine whether a credit union is a covered institution. Credit unions below those thresholds may not be required to file HMDA data, but compliance officers at those institutions still need to understand HMDA because the thresholds can be crossed as the credit union grows, and because examiners may still review mortgage practices through a fair lending lens even without HMDA data on file. The CCO exam tests both the threshold rules and the data requirements for covered institutions.
The Military Annual Percentage Rate (MAPR) under the MLA includes fees that the Regulation Z APR calculation excludes - such as credit insurance premiums, debt cancellation fees, and certain application fees. A loan that appears to comply with a rate cap when measured as a Regulation Z APR may still violate the MLA's 36% MAPR cap once the additional components are included. This distinction is a common CCO exam question type.
Domain 4 (BSA/AML and Operational Compliance) and Domain 3 (Lending Compliance) intersect most visibly in mortgage and business lending scenarios where loan proceeds or repayment patterns trigger suspicious activity monitoring obligations. A compliance officer must be able to manage ECOA and TRID obligations on a loan file while simultaneously evaluating whether a SAR is warranted - both domains are active in the same transaction. The CCO exam tests this integration through multi-issue scenario questions.