Governance & Program Info
Payment Authorization Scoring — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (13)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Complete SR 11-7 model documentation package
Purpose, data lineage, assumptions, limitations, known failure modes, validation results — all seven SR 11-7 documentation elements.
Independent model validation
Second-line or external independent team validates model logic, data, assumptions, and performance claims. Must be independent of development.
Ongoing model performance monitoring plan
KPIs, monitoring frequency, alert thresholds, escalation paths for performance degradation. Required under SR 11-7.
Change management and model versioning
Define who approves model updates, what testing is required, how changes are versioned and rolled back, and what the audit trail is.
Map PCI DSS v4.0 controls applicable to the ML stack
Identify which of the 500+ v4.0 controls apply to your training pipeline, feature store, inference runtime, and audit log.
Confirm PCI-attested inference runtime
If inference touches cardholder data, the runtime environment must be in the CDE and PCI-attested.
Tokenization strategy for training data
Training pipelines should use tokenized or hashed PAN unless there is a specific, documented reason otherwise.
Fair lending / disparate impact assessment
Authorization scoring has documented disparate impact risk — high-income customers are 2× more likely to be false-declined, and protected-class proxies can leak through geography and MCC features.
Adverse action notice / Reg B applicability review
Credit-driven declines (issuer-side) may trigger ECOA/Reg B adverse action notice requirements. Confirm whether authorization scoring triggers them.
Explainability / reason-code infrastructure
SHAP or equivalent reason-code output per decision — required for chargeback defense, dispute resolution, and adverse action notices where applicable.
Monitor SEC and CFPB AI/ML guidance
The SEC 2023 predictive-analytics proposal and CFPB guidance on AI-driven consumer financial decisioning both shape the acceptable-use perimeter.
Map OFAC screening obligations at authorization time
Sanctions screening is typically a separate model but overlaps the authorization path — confirm the contract between them.
Board-level AI governance reporting
Authorization rate, fraud loss, false decline rate, and fair lending metrics should appear in board risk reporting, not only ops dashboards.