Markets · Financial Services
Financial Services AI Control Readiness
AI governance in financial services is not just a technology problem. It is a threshold, model-risk, adverse-action, vendor, monitoring, and evidence problem. Sellhausen Consulting helps banks, credit unions, fintech lenders, and financial-services vendors determine which AI and model-risk expectations apply to their use cases — then map those expectations to controls and evidence.
The problem
Financial institutions are moving faster with AI than the supervisory environment can cleanly absorb.
Traditional model risk guidance does not always map neatly to generative AI, LLMs, agentic workflows, vendor AI, or AI systems embedded in business operations. At the same time, existing obligations around safety and soundness, fair lending, adverse action, third-party risk, monitoring, validation, and consumer protection still matter.
The question is not simply:
Are we using AI?
The better question is:
Which AI-supported decisions require which controls and evidence?
Who this is for
Financial institutions, vendors, and the people accountable for AI risk inside them.
- — Banks
- — Credit unions
- — Fintech lenders
- — AI lending vendors
- — Financial-services vendors
- — Model risk teams
- — Compliance teams
- — CRO organizations
- — Fair lending teams
- — Vendor risk teams
- — Internal audit teams
- — AI governance leads
What we help with
Applicability analysis
We determine which sources apply directly, indirectly, by analogy, or not at all.
Axes evaluated
- — Traditional model risk expectations
- — AI governance frameworks (NIST AI RMF, ISO 42001)
- — Sector-specific AI risk frameworks
- — ECOA and Regulation B adverse action obligations
- — Third-party risk expectations
- — State AI law exposure
- — Federal procurement exposure, if applicable
- — Generative AI and agentic AI governance gaps
Decision-control mapping
We map each AI system to the decision it influences. Common decision domains in financial services include:
- — Credit underwriting
- — Loan pricing
- — Prequalification
- — Fraud detection
- — Collections prioritization
- — BSA / AML alert triage
- — Customer service chatbots
- — Complaint routing
- — Internal policy copilots
- — Marketing personalization
- — Vendor scoring tools
Evidence readiness
We identify the evidence an examiner, auditor, board, or committee will accept as proof a system is governed.
- — Model inventory
- — AI use case inventory
- — Applicability determination memo
- — Model and system documentation
- — Validation report
- — Outcomes analysis
- — Monitoring dashboard
- — Fair lending analysis
- — Adverse action reason mapping
- — Vendor due diligence packet
- — Human review procedure
- — Change control log
- — Board and committee reporting
Common governance gaps
Where financial institutions usually miss.
Generative AI governance gap
The April 17, 2026 interagency model risk guidance (SR 26-2 / OCC Bulletin 2026-13 / FDIC FIL-15-2026) states verbatim in OCC Bulletin 2026-13 that generative AI and agentic AI models are not within the scope of that guidance. That does not mean they are ungoverned. It means the organization needs an interim control and evidence structure.
Adverse action evidence gap
If AI influences credit decisions, the organization must support specific and accurate adverse action reasons under ECOA and Regulation B. That requires more than a generic explanation statement — it requires reason-code mapping the institution can defend.
Vendor opacity gap
Financial institutions remain accountable for third-party AI systems they use. Vendor documentation, testing evidence, monitoring responsibilities, and contractual safeguards need to be reviewable.
Human oversight gap
"Human in the loop" is not a control unless the organization can prove what the human reviews, when they intervene, what authority they have, and how the review is documented.
Monitoring gap
AI control is not finished at launch. Institutions need ongoing monitoring, drift review, exception tracking, complaint signals, incident handling, and change management.
Deliverables
What an engagement produces.
- Organization applicability profile
- Financial-services AI use case inventory
- Source applicability matrix
- Decision-control map
- Required controls register
- Evidence checklist
- Generative AI governance gap register
- Adverse action reason-mapping review
- Vendor AI evidence review
- Monitoring and remediation roadmap
- Executive readout
The outcome
The institution can answer.
- Which AI and model-risk expectations apply to this institution?
- Which use cases influence consequential financial decisions?
- Which systems are traditional models, generative AI, agentic workflows, or vendor-provided AI?
- Which controls are required for each use case?
- What evidence would an examiner, auditor, board, or risk committee ask for?
- Which gaps should be fixed first?
Next step
Start with applicability.
If your institution is using AI in credit, fraud, compliance, customer-facing, or operational decisions, the first conversation is an applicability conversation.
Book an Applicability Call