AI governance in US financial services.
CFPB enforcement of AI in credit decisions, OCC model risk management for banks, adverse action notice requirements, SEC AI disclosure, and FTC consumer protection for financial AI.
Regulatory obligations at a glance
Key frameworks applying to AI in US financial services. Map your AI systems against each.
When AI denies credit or offers less favourable terms, specific reasons must be given. The CFPB has confirmed that "the model decided" is not a compliant adverse action reason — actual factors must be disclosed.
High
Banks must apply model risk management principles to AI — validation, documentation, ongoing monitoring, and independent review. The "black box" defence does not satisfy prudential expectations.
High
AI using consumer report data must comply with FCRA requirements. AI credit models must accommodate adverse action notice requirements and consumer dispute processes.
High
AI practices that are unfair or deceptive — biased models, hidden AI use, or unsubstantiated capability claims — violate the FTC Act. Applies to all consumer-facing financial firms.
High
Listed financial companies must disclose material AI risks. AI-generated investment research must comply with Regulation Best Interest. The SEC has issued guidance on AI in investment advisory.
High
Algorithmic trading and AI in securities recommendations must comply with FINRA suitability rules — AI recommendations must be appropriate for individual clients.
High