Banking & Finance

"The model is opaque" is not a defense. The regulator said so in writing.

2026NextVise

Every institution deploying AI for credit, claims, or eligibility eventually reaches the same comfortable excuse: the model is too complex to explain. In the United States, the regulator has already answered — in writing — and the answer travels well beyond lending.

The circular that closed the door.

In 2022, the CFPB stated plainly that creditors using complex algorithms must still provide the specific reasons for an adverse action — and that a model’s opacity is no excuse under ECOA and Regulation B. If your system denies a consumer credit, you owe them the actual reasons. “The algorithm decided” is a violation, not an explanation.

Why this reaches further than lending.

The logic is portable, and regulators everywhere are porting it. The EU AI Act names credit scoring high-risk by name and demands record-keeping and effective oversight. GDPR Article 22 gives individuals rights against purely automated decisions — including meaningful information about the logic involved. Supervisors in the GCC require demonstrable control over AI decisions. Different laws, one converging principle: if you deploy it, you must be able to explain it — case by case, on the record.

The uncomfortable operational truth:

an explanation you construct after the complaint is advocacy. An explanation that existed at the moment of the decision — the rule applied, the factors weighed, the human who signed — is evidence. The difference decides examinations. Post-hoc rationalization of a model’s output is exactly what the CFPB warned against; a decision record produced in the live path is exactly what satisfies it.

What defensible looks like:

every AI-influenced decision carries its reasons at birth — checked against the named rule, grounded in reference data, signed, and stored immutably. When the examiner asks why was this customer denied, the answer isn’t a data-science project. It’s a record. That is the infrastructure we build.

― basis: CFPB Circular 2022-03 · ECOA / Regulation B §1002.9 · EU AI Act Art. 6, Annex III 5(b) · GDPR Art. 22

Get Audit-Ready
← Back to Insights