The question hasn't arrived in most exam rooms yet. But it's coming. As AI-assisted credit analysis moves from experiment to standard practice, bank and non-bank examiners are developing frameworks to ask a question institutions aren't fully prepared to answer: if AI touched this credit decision, how did it work?
This isn't a distant regulatory future. The foundational frameworks are already in place. What's developing is how examiners apply them to AI in credit origination specifically — and how prepared lenders are when those questions arrive mid-examination.
The institutions getting ahead of this share one thing: their AI can explain itself. Most vendor AI cannot.
The regulatory landscape is further along than most vendors acknowledge
SR 11-7, the Federal Reserve and OCC joint guidance on model risk management, was issued in 2011 and has become the de facto standard for model governance at regulated institutions. What's less widely understood is that regulators have consistently applied SR 11-7 principles to AI and machine learning models — including tools used in credit analysis.
SR 11-7 requires, among other things: documentation of model purpose and assumptions, validation by parties independent of development, ongoing performance monitoring, and governance processes that define who is responsible for model outcomes. When an AI tool drafts a credit memo section, that tool is a model in the regulatory sense — and all of those requirements follow.
The OCC has been more direct. In its recent guidance on responsible innovation and bank supervision priorities, the OCC has explicitly flagged AI tools that influence credit decisions as subject to examiner scrutiny on governance, oversight, and explainability. The FDIC's technology supervision principles reinforce this: human accountability for AI-assisted decisions is a threshold requirement, not a best practice.
State regulators are catching up. Several states have enacted or proposed AI-in-lending regulations modeled on fair lending frameworks but extended to require that AI-influenced credit decisions be explainable — and that institutions demonstrate the human review that accompanied them.
What “explainable AI” actually means in a lending context
There's a common misconception that AI explainability is a technical challenge — something for data scientists to solve by opening the model architecture and showing which variables mattered. In a lending context, that's only a small part of the question.
What examiners actually want to know is institutional, not technical: What context was the AI given? What instructions was it operating under? Who reviewed what it produced? What was the final human decision, and where is that documented?
This is the same framework examiners apply to traditional credit analysis. When they review a credit file, they're not asking to see the analyst's cognitive process — they're checking that a reasonable process was followed, documented, and reviewed. AI doesn't change that requirement; it adds a new layer to it. Now the process includes an AI-generated step, and that step needs to be as documented as everything else.
Examiners aren't asking to audit the model. They're asking to audit your process for using it.
Four questions your AI needs to be able to answer
Based on SR 11-7 principles and emerging AI examination practice, here are the four questions institutions should be able to answer about any AI tool involved in credit analysis:
What context was the AI given?
For every AI-generated output, you should be able to identify which source documents were fed in, what financial data was included, and what external references (regulatory text, market data) the AI was drawing from. If the AI generated a DSCR analysis, the underlying financial data that informed it should be traceable to specific uploaded files.
What instructions was it operating under?
The AI's behavior is shaped by instructions — whether those are called prompts, skills, configurations, or system parameters. Those instructions should be visible to your team (not just the vendor), logged at the time of generation, and reconstructable. “We used a black-box tool and it produced this output” is not an answer that satisfies SR 11-7.
Who reviewed the AI output, and what did they do with it?
There must be a human review record — not just a policy that says review happens. The specific analyst who reviewed each AI-generated section, the edits they made (or chose not to make), and the approval should all be logged with timestamps. The record should make clear that a qualified person considered and accepted responsibility for the output.
Can the output be reproduced and traced?
If an examiner points to a specific paragraph in a credit memo two years from now and asks how it was generated, your institution should be able to answer. That requires version-pinned model records, snapshot logging of generation contexts, and a complete chain from initial AI output to final reviewed document. Most tools produce outputs with no record of how they were produced.
What an adequate AI audit trail looks like
The baseline audit trail for AI-assisted credit analysis isn't dramatically different from what good lending operations already maintain for traditional analysis — it's the same principle applied to a new step in the process.
At the generation level, the record should capture: the source documents selected for the generation, all active prompt layers or instructions, the model version, and the full assembled context (reconstructable verbatim, not just a summary). This is what makes the output traceable — not just the fact that AI was used, but precisely how it was used for this specific section of this specific memo.
At the review level, the record should capture: the identity of the reviewing analyst, the timestamp of review, every edit made to the AI output before approval, and the final approval with role and timestamp. This is the human accountability layer that SR 11-7 requires.
Taken together, this is a “generation snapshot” — a complete, immutable record of everything that went into producing a memo section and everything that happened to it afterward. Most AI tools for lending don't produce this record. That gap is manageable until an examination surfaces it.
Evaluating AI vendors on governance
When evaluating AI tools for credit analysis, the governance questions should carry equal weight with the capability questions. A tool that drafts excellent memos but produces no audit trail is a compliance liability. Here are the questions worth asking any vendor:
Red flags in vendor responses: vague references to “robust logging” without specifics; inability to describe what a generation snapshot contains; review steps described as best practices rather than enforced gates; model versioning that updates automatically without preserving prior records.
Getting ahead of the examination
Examination readiness for AI in credit analysis isn't about having perfect answers. It's about having the documentation to show that your institution approached this thoughtfully: that you understood the AI's role, that your team maintained accountability for its outputs, and that the records exist to demonstrate both.
The institutions that get ahead of this will have an advantage that goes beyond examination outcomes. When every AI-generated conclusion is traceable and every AI-assisted decision carries a documented human review, the institutional discipline that produces good examination results also produces better credit decisions — because the process that creates the audit trail is the same process that catches the errors.
The AI question in credit origination is ultimately the same question institutions have always faced from examiners: show me how you reached this conclusion. The tools are new. The standard isn't.
How CORE addresses this
CORE builds generation snapshots, enforced review gates, and complete audit trails into the credit memo workflow — not as add-ons, but as the architecture. Every generation logs its full context. Every AI output requires documented analyst sign-off. Every decision is reconstructable.