The Equal Credit Opportunity Act does not distinguish between a logistic regression scorecard and a gradient-boosted ensemble. Both are credit decision algorithms. Both must comply with ECOA's prohibition on discrimination and its adverse action notice requirement. The CFPB's 2022 circular made explicit what some lenders had assumed was ambiguous: model complexity is not an exemption. If your AI model denies credit, you must be able to explain why, in specific terms, to the applicant.
What ECOA Requires of AI Credit Models
ECOA and its implementing regulation, Regulation B, require lenders to provide applicants who are denied credit with a statement of specific reasons for the denial. The Regulation B model adverse action notices list categories such as insufficient income, excessive obligations, and poor credit history. These are reasons that map to human-interpretable credit factors. For an AI model that uses hundreds of features, the mapping from model output to specific adverse action reasons requires an explicit engineering layer.
CFPB Circular 2022-03 addressed the situation where a lender argued that its AI model's complexity made it impossible to provide specific reasons. The CFPB rejected this argument. Lenders are responsible for ensuring their models can produce specific adverse action reasons regardless of model architecture. The circular also noted that adverse action reasons must be accurate: providing boilerplate reasons that do not reflect the actual model basis for denial is a Regulation B violation in its own right.
SHAP Values as Adverse Action Reason Codes
SHAP (SHapley Additive exPlanations) values have become the primary mechanism for generating adverse action reason codes from complex ML credit models. SHAP decomposes a model prediction into the contribution of each feature, providing a ranked list of factors that contributed to the decision. The top negative contributors are translated into adverse action reason codes that satisfy the Regulation B requirement.
The limitations of this approach require engineering attention. SHAP values are post-hoc approximations of feature contributions; they can be inconsistent across similar applicants. The same model can produce different SHAP reason codes for two applicants with nearly identical profiles. The adverse action notice must accurately reflect the principal reasons for the denial, which implies stability requirements that SHAP does not guarantee by default. Consistent SHAP computation requires explicit background dataset selection and consistency checks in the adverse action generation pipeline.
Disparate Impact Testing and Fair Lending Examinations
A fair lending examination of an AI credit model involves two independent analysis tracks. The first is the adverse action notice track: did the model produce compliant, accurate, specific reasons for each adverse decision. The second is the disparate impact track: does the model produce materially different approval rates, pricing, or terms for protected classes that cannot be justified by legitimate credit risk factors.
Disparate impact testing for AI models requires statistical analysis of model outcomes across protected classes. The standard approach is regression-based: control for legitimate credit risk factors and test whether protected class membership has a residual effect on outcomes. AI models that use proxy variables -- features that correlate with protected class membership -- can produce disparate impact through indirect paths that are not visible in standard single-feature analysis.
The Model Audit Documentation Package
A fair lending model audit for an AI credit model requires a documentation package that covers model development methodology, training data sources and quality assessment, feature selection and proxy variable analysis, validation results including performance across demographic segments, adverse action reason code generation methodology and testing, and disparate impact testing results with remediation decisions. This package is what a CFPB examiner or a Department of Justice fair lending investigator will request. Building the documentation as a byproduct of the model development process -- rather than reconstructing it before examination -- requires that the documentation requirements be treated as engineering deliverables from the start of model development.
Ongoing Monitoring Obligations
Fair lending compliance for AI models is not a one-time validation exercise. Population stability analysis must confirm that the population of applicants the model scores in production matches the population on which it was validated. Disparate impact monitoring must run continuously against production decisions. Adverse action reason code accuracy must be tested periodically against applicant profiles. Model drift that increases disparate impact or degrades adverse action accuracy must trigger a model review and revalidation before the drift reaches examination-level materiality.
The engineering behind this article is available as a service.
We have done this work — not advised on it, not reviewed documentation about it. If the problem in this article is your problem, the first call is with a senior engineer who has solved it.