Credit Scoring Engine

High Risk

ML model evaluating consumer creditworthiness for loan origination decisions. Processes 15K applications/month across retail and SME lending.

78/ 100

Assessment ProgressComplete

EU AI ActColorado AI ActNIST AI RMF

Assessment Questionnaire

Risk Management

Does the credit scoring model have a documented risk management process covering discriminatory outcomes?

Yes — risk management framework established Q4 2025, reviewed quarterly by the AI governance committee. Covers age, gender, ethnicity, and disability bias vectors.

EU AI Act

Are risks to fundamental rights (financial inclusion, equal access to credit) identified and mitigated?

Fundamental rights impact assessment completed. Key risks: financial exclusion, discriminatory outcomes in loan pricing. Mitigations include fairness constraints and borrower appeals process.

EU AI Act

Data Governance

Is the historical lending data used for training documented with demographic representativeness analysis?

Yes — 5 years of lending data documented. Demographic breakdowns provided across age, income, geography, and ethnicity cohorts.

NIST AI RMF

Are disparate impact testing procedures in place for credit decisions across protected classes?

Yes — monthly disparate impact ratio tests run for all protected classes. Current ratios within 80% four-fifths rule threshold.

Colorado AI Act

Transparency

Can applicants receive individualized explanations for credit denial decisions?

Yes — adverse action notices include top contributing factors via SHAP values, compliant with ECOA requirements.

EU AI Act

Human Oversight

Can a loan officer override or reverse automated credit decisions?

Yes — all automated denials are reviewable by senior loan officers. Override capability with audit trail is built in.

EU AI Act

Accuracy

Are accuracy and fairness metrics for credit predictions monitored in production?

AUC-ROC: 0.87, KS stat: 0.42 — monitored daily. Fairness metrics (equalized odds, calibration) tracked weekly.

EU AI Act

Record Keeping

Are credit decision logs and model versions maintained for the required retention period?

Yes — all decision logs, model artifacts, and feature inputs retained for 5 years per EU AI Act Art. 12 and ECOA requirements.

EU AI Act

Gap Analysis

3 gaps identified

Art. 9 — Risk ManagementHigh

Bias monitoring for protected characteristics (ethnicity, disability) not yet fully automated in production scoring pipeline.

Recommendation: Deploy statistical parity and equalized odds monitoring with automated alerting across all protected classes.

SB 205 — Impact AssessmentMedium

Annual algorithmic impact assessment not yet scheduled for renewal cycle.

Recommendation: Schedule annual renewal and assign compliance officer as owner.

MAP 2.1 — Intended UseMedium

Intended use documentation does not cover all deployment contexts (SME vs. retail lending).

Recommendation: Update intended use documentation to differentiate retail and SME lending contexts with separate risk profiles.

Back to Assessments

Credit Scoring Engine

High Risk

ML model evaluating consumer creditworthiness for loan origination decisions. Processes 15K applications/month across retail and SME lending.

78/ 100

Assessment ProgressComplete

EU AI ActColorado AI ActNIST AI RMF

Assessment Questionnaire

Risk Management

Does the credit scoring model have a documented risk management process covering discriminatory outcomes?

Yes — risk management framework established Q4 2025, reviewed quarterly by the AI governance committee. Covers age, gender, ethnicity, and disability bias vectors.

EU AI Act

Are risks to fundamental rights (financial inclusion, equal access to credit) identified and mitigated?

Fundamental rights impact assessment completed. Key risks: financial exclusion, discriminatory outcomes in loan pricing. Mitigations include fairness constraints and borrower appeals process.

EU AI Act

Data Governance

Is the historical lending data used for training documented with demographic representativeness analysis?

Yes — 5 years of lending data documented. Demographic breakdowns provided across age, income, geography, and ethnicity cohorts.

NIST AI RMF

Are disparate impact testing procedures in place for credit decisions across protected classes?

Yes — monthly disparate impact ratio tests run for all protected classes. Current ratios within 80% four-fifths rule threshold.

Colorado AI Act

Transparency

Can applicants receive individualized explanations for credit denial decisions?

Yes — adverse action notices include top contributing factors via SHAP values, compliant with ECOA requirements.

EU AI Act

Human Oversight

Can a loan officer override or reverse automated credit decisions?

Yes — all automated denials are reviewable by senior loan officers. Override capability with audit trail is built in.

EU AI Act

Accuracy

Are accuracy and fairness metrics for credit predictions monitored in production?

AUC-ROC: 0.87, KS stat: 0.42 — monitored daily. Fairness metrics (equalized odds, calibration) tracked weekly.

EU AI Act

Record Keeping

Are credit decision logs and model versions maintained for the required retention period?

Yes — all decision logs, model artifacts, and feature inputs retained for 5 years per EU AI Act Art. 12 and ECOA requirements.

EU AI Act

Gap Analysis

3 gaps identified

Art. 9 — Risk ManagementHigh

Bias monitoring for protected characteristics (ethnicity, disability) not yet fully automated in production scoring pipeline.

Recommendation: Deploy statistical parity and equalized odds monitoring with automated alerting across all protected classes.

SB 205 — Impact AssessmentMedium

Annual algorithmic impact assessment not yet scheduled for renewal cycle.

Recommendation: Schedule annual renewal and assign compliance officer as owner.

MAP 2.1 — Intended UseMedium

Intended use documentation does not cover all deployment contexts (SME vs. retail lending).

Recommendation: Update intended use documentation to differentiate retail and SME lending contexts with separate risk profiles.