On February 19, the Consumer Financial Protection Bureau (CFPB) issued new interpretive guidance on the use of artificial intelligence and machine learning models in consumer lending decisions. If you're building or operating a fintech lending product, this guidance has direct implications for how you underwrite, price, and communicate with borrowers.
Here's what you need to know — and what you should do about it.
What the guidance says
The CFPB's guidance focuses on three key areas:
1. Adverse action notices must be specific and meaningful. If your lending model uses AI/ML to make credit decisions, the adverse action reasons you provide to declined applicants must reflect the actual factors the model relied on — not generic placeholders. The CFPB explicitly rejects the argument that model complexity excuses vague disclosures.
2. Fair lending obligations apply regardless of the technology used. The guidance reiterates that ECOA and Reg B requirements apply fully to AI-driven lending. Using a machine learning model doesn't create an exemption from disparate impact analysis. If your model produces discriminatory outcomes — even unintentionally — you're on the hook.
3. Model documentation requirements are getting stricter. The CFPB expects lenders to maintain detailed documentation of their model development, validation, and ongoing monitoring processes. This includes training data composition, feature selection rationale, and fairness testing results.
What this means for your team
If you're using any form of automated decisioning in your lending product, you need to audit three things immediately:
Your adverse action notice generation. Review how your system generates reason codes for declined applications. If you're using a third-party decisioning engine, confirm that their reason codes meet the CFPB's specificity standard. Generic reasons like "insufficient credit history" may not be adequate if your model actually relied on more specific factors.
Your fair lending testing cadence. If you're not running regular disparate impact analyses on your lending model, start now. The guidance makes clear that the CFPB will look unfavorably on lenders who can't demonstrate ongoing fairness monitoring. Quarterly testing is a reasonable minimum.
Your model documentation. Ensure your model risk management documentation covers the development lifecycle end-to-end. The CFPB wants to see that you understood the risks of your approach and took deliberate steps to mitigate them.
The timeline
This is interpretive guidance, not a new rule — which means it's effective immediately. The CFPB is signaling how it will evaluate existing practices, not creating new obligations with a future compliance deadline. If your current practices don't align with this guidance, the time to act is now.
How StackTalk helps
StackTalk's regulatory intelligence engine flagged this guidance within 30 minutes of publication and automatically generated impact assessments for customers operating lending products. Affected teams received a plain-language summary, a list of specific action items, and a pre-mapped compliance checklist — all before most compliance teams had even seen the announcement.
This is exactly the kind of regulatory change that catches teams off guard. With StackTalk, it doesn't have to.