I was wondering if anyone had a "business case" or "checklist" of applicable compliance considerations for online applications for credit cards and consumer loans they would be willing to share?

Hi, don't have a formal checklist but I would consider the following steps as a best practice:

1. Must meet Patriot Act Section 326 requirements (KYC/CIP check) - verify PII of the applicant (SSN, Name, address, Phone, DOB)

2. Check OFAC, other core sanctions lists (ex: EU, UN, BOE, FBI, BIS, ect)

3. Important to setup fraud risk workflows for online applications, this may include digital identity risk factors (where is the customer logging in from?), as well as identity risk factors (is there high risk this is a synthetic or stolen identity)

4. Authenticate the applicant, this is best done with a KBA (knowledge based authentication quiz), or text verification process

There are companies that can help automate these processes for you (LexisNexis is a good one :)) If you have any questions I would be happy to setup a call.

Welcome to BOL, Kyle! As substantive first posts by new members go, this one certainly eclipses the old record!!

Moving on to the question at hand--
- Because the online service gathers information, it will need some kind of "trap" to prevent children from submitting information (which would violate COPPA.)
- Because these are consumer credit products, Reg. B will govern what can and cannot be asked, when, and how.

I'm sure this list will grow as others digest the OP.

Thanks!

Looking forward to chiming in when I can. This forum seems like a great resource for information wish I had found it years ago!