Compliance
AI compliance for lenders: CFPB and Reg B adverse action
The CFPB has confirmed ECOA and Reg B apply to AI-driven credit decisions. Adverse-action notices need specific reasons. Prism Agent Trajectories and Model Audits produce them.
- Specific, traceable reasons for every adverse-action decision
- Bias and calibration testing on credit decisioning models
- Per-decision audit trail across LLM, tool, and reasoning steps
- Disparate-impact reports per protected class
About this framework
The Equal Credit Opportunity Act (ECOA) and its implementing Regulation B prohibit discrimination in credit decisioning and require lenders to give specific reasons when denying credit. In 2023 the CFPB issued explicit guidance that ECOA's specificity requirement applies to AI and complex algorithmic models — "the model said no" is not a sufficient reason. The agency has continued to enforce against lenders whose AI denial reasons cannot be traced to consumer-actionable factors.
Who needs to comply
Industries this applies to
Banks
Any depository institution making consumer credit decisions with AI.
Fintech lenders
BNPL, online lenders, marketplace lenders, and BaaS-fronted credit programs.
Credit unions
Federal and state-chartered credit unions making AI-assisted credit decisions.
Obligations
What the CFPB and ECOA / Reg B require
- Specific reasons for adverse action (not just 'model said no')
- Reasons traceable to model inputs the consumer can act on
- Disparate-impact testing on protected classes
- Documentation that the model's decision is explainable
Mapping
How Prism produces the evidence
| Obligation | Capability | Evidence |
|---|---|---|
| Specific adverse-action reasons | Prism Agent Trajectories | Per-decision step record: which features, which tools, which thresholds led to the denial |
| Disparate-impact testing | Prism Model Audits | Fairness metrics per protected class, per audit run, with deltas over time |
| Explainability of the underwriting model | Prism Evaluations | Five-dimension scoring including consistency and completeness across borrower archetypes |
Built for: Lenders, BNPL providers, fintechs subject to ECOA / Reg B
Related
Agent Observability
Trajectory evaluation decomposes multi-step agent runs into ordered steps and scores each run on goal adherence, tool compliance, efficiency, and safety, automatically on ingest.
AI Model Audits
Model audits give you a structured review of model behavior, risk profile, and readiness for production, before deployment, not after incidents.
LLM Evaluations
Define quality rubrics, score every interaction, and catch regressions before users do, with automated evaluators that run on every trace or on a schedule you control.
Model Risk Management for AI — SR 11-7 Revised Guidance
The interagency Revised Guidance on Model Risk Management supersedes SR 11-7 and SR 21-8. The three-pillar discipline carries forward, scaled to each bank's model risk profile. Prism produces the evidence at every tier.
NAIC AI Model Governance
The NAIC Model Bulletin sets expectations for insurer use of AI. Prism produces the documentation, monitoring, and audit artifacts each pillar requires.
NY DFS Part 500 AI Compliance
23 NYCRR Part 500 applies to AI used by covered financial entities. Prism produces the evidence each section asks for, and Prism X covers third-party AI tool risk.
AI compliance and risk management for banks
From underwriting copilots to fraud-screening agents, banks need the same model risk discipline they have for traditional models. Prism is built around it.
AI risk management for fintech
Sponsor banks expect SR 11-7 hygiene. CFPB and state AGs care about ECOA. Prism makes both legible without slowing your release pace.