Governance & Program Info
Real-Time Credit Risk Scoring — Governance
Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.
Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 15 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
Complete SR 11-7 model documentation package
Purpose, data lineage, assumptions, limitations, known failure modes, validation results — the seven SR 11-7 documentation elements.
05 · Governance & Compliance
Independent model validation
Second-line or external independent team validates logic, data, assumptions, and performance claims. Must be independent of development.
05 · Governance & Compliance
Ongoing performance monitoring plan
KPIs, monitoring frequency, alert thresholds, escalation paths for performance degradation. Required under SR 11-7.
05 · Governance & Compliance
Change management and model versioning
Who approves updates, what testing is required, how changes are versioned and rolled back, what the audit trail contains.
05 · Governance & Compliance
Third-party / vendor AI risk governance
If scoring uses vendor models (Upstart, Zest, Lenddo) or vendor data (Plaid, Argyle, bureaus), governance must reach into the vendor.
05 · Governance & Compliance
ECOA / Reg B adverse-action compliance review
12 CFR 1002.9 adverse-action notice with principal reasons, 30-day delivery, and "specific and accurate" standard. Legal signoff.
05 · Governance & Compliance
FCRA permissible-purpose and dispute handling
FCRA (15 USC 1681) governs consumer-report use and requires dispute-reinvestigation procedures. Map the model's bureau-data use to FCRA permissible purposes.
05 · Governance & Compliance
CFPB Section 1033 open-banking readiness
Section 1033 of Dodd-Frank, finalized November 2024, with rolling implementation starting April 1, 2026 for largest institutions. Covers consumer data portability obligations.
05 · Governance & Compliance
Explainability / reason-code infrastructure
SHAP + LLM plain-language notice pipeline with legally-approved templates. Audit-logged per decision.
05 · Governance & Compliance
EU AI Act Annex III high-risk system conformity
Credit scoring is explicitly classified as high-risk under Annex III. Requires conformity assessment, risk management system, technical documentation, human oversight (Art. 14), and post-market monitoring. High-risk obligations take effect August 2026.
05 · Governance & Compliance
Colorado AI Act (SB205) readiness
Colorado SB205 (signed May 2024, effective February 1, 2026) regulates high-risk AI systems in consequential decisions including credit. Requires impact assessments, disclosure, and adverse-decision notices.
05 · Governance & Compliance
NYC Local Law 144 applicability review
LL 144 regulates AEDTs (automated employment decision tools) in NYC hiring. If the institution uses AI for employment screening, separate bias-audit obligations apply.
05 · Governance & Compliance
OCC/FDIC/Fed 2025 Interagency AI Guidance alignment
The 2025 Interagency Guidance on AI/ML in banking extends SR 11-7 with specific expectations on explainability, data quality, third-party AI, and ongoing monitoring.
05 · Governance & Compliance
Credit stress testing (CCAR / DFAST / ECB stress-testing guide)
Supervisory stress tests (CCAR for US $100B+ banks, DFAST for $10B+, ECB for Eurozone SI banks) require the model to produce defensible projections under adverse macro scenarios.
05 · Governance & Compliance
Board-level AI governance reporting
Approval rate, loss rate, disparate-impact metrics, and model-change log should surface at the board risk committee, not only in ops dashboards.