FirmAdapt is an AI-powered business diagnostics platform that audits companies to expose operational inefficiencies and broken processes. We then deploy custom AI agents, robotic process automation, and engineered solutions to fix the problems we find. Our diagnostic tools include company audits, website audits, competitive intelligence, and faith-based compliance screening.

Does FirmAdapt have a free API?

Yes, FirmAdapt offers free open API endpoints that require no authentication. AI agents and developers can make up to 10 requests per week without signing up. The API supports company profile lookups, faith-based compliance screening, and stock searches across 12 global markets.

What is faith-based stock screening?

Faith-based stock screening analyzes a company's financial ratios and business activities to determine compliance with religious investment guidelines. FirmAdapt supports 9 frameworks including Shariah (AAOIFI, S&P), Christian (BRI), Catholic (USCCB), Jewish (Halakhic), LDS/Mormon, ESG Religious, and Evangelical standards.

Can AI agents use FirmAdapt?

Yes, FirmAdapt is designed for native AI agent integration. It provides an MCP (Model Context Protocol) server for Claude Desktop, Cursor, and other AI tools. AI agents can access company profiles, run faith-based compliance screens, and search stocks across 12 global markets using free open endpoints with no API key required.

What markets does FirmAdapt support?

FirmAdapt supports 12 global markets: US (NYSE/NASDAQ), UK (London Stock Exchange), Germany (XETRA), France (Euronext Paris), Japan (Tokyo Stock Exchange), India (NSE/BSE), Saudi Arabia (Tadawul), UAE (Dubai/Abu Dhabi), Malaysia (Bursa), Indonesia (IDX), Canada (TSX), and Australia (ASX).

Back to Blog

AI complianceregulatoryfinancial servicesbankingcomplianceFCRA

Consumer Lending and the FCRA Adverse Action Requirement When an AI Made the Decision

By Basel IsmailMay 8, 2026

Consumer Lending and the FCRA Adverse Action Requirement When an AI Made the Decision

Section 615(a) of the Fair Credit Reporting Act has been around since 1970. The requirement is straightforward: if you deny a consumer credit based in whole or in part on information from a consumer reporting agency, you must provide the specific reasons for the denial. Not vague reasons. Not a form letter that says "various factors." The actual, specific reasons that drove the decision. The regulation at 12 CFR 1002.9 (implementing ECOA, but functionally intertwined with FCRA adverse action obligations) requires up to four principal reasons, ranked by their effect on the decision.

For decades, this was manageable. Traditional credit scoring models, like FICO's logistic regression models, are inherently interpretable. You can trace the math. A consumer's score dropped because of a 92% utilization ratio on revolving accounts, a 14-month average account age, and two hard inquiries in the last six months. You rank those factors by their marginal contribution to the score, generate your reason codes, and send the notice. Done.

Then lenders started using gradient-boosted decision trees, neural networks, and deep learning architectures for underwriting. And the explainability problem became very real, very fast.

Why Deep Learning Models Break the Reason Code Framework

A deep neural network making an underwriting decision might ingest hundreds of features and process them through multiple hidden layers with nonlinear activation functions. The model's decision boundary exists in a high-dimensional space that resists human-readable summarization. You cannot simply point to a weight on a single input variable and say "this is why," because the model's output depends on complex interactions between features at every layer.

The traditional approach of using Shapley values (SHAP) or LIME to generate post-hoc explanations has become the industry's go-to workaround. These methods approximate feature importance by perturbing inputs and observing changes in output. They produce something that looks like a reason code. But there are well-documented problems with this approach.

First, SHAP explanations are approximations of the model's behavior, not descriptions of its actual reasoning process. A 2022 paper from Duke's Cynthia Rudin and collaborators demonstrated that post-hoc explanations can be unstable, meaning small changes in input data can produce substantially different explanations even when the decision itself does not change. If your adverse action notice says "high credit utilization" today but would have said "short credit history" with a trivially different input configuration, you have a problem. The consumer is entitled to the actual reasons, and it is unclear whether an approximation satisfies that statutory requirement.

Second, the CFPB has signaled clearly that it is paying attention. In the September 2022 circular on adverse action requirements (Circular 2022-03), the Bureau stated explicitly that creditors cannot avoid adverse action notice requirements simply because they use complex algorithms. The Bureau wrote that "the use of complex algorithms does not excuse a creditor from providing the specific reasons for adverse action." They further noted that approximations and technical limitations of a model are not a defense. If you cannot explain the decision, the Bureau's position is that you should not be using the model for that purpose.

The Regulation B Intersection

This gets more complicated when you layer in Regulation B (ECOA's implementing regulation). Regulation B at 12 CFR 1002.9(b)(2) requires that the reasons provided must "specifically relate to and accurately describe the factors actually considered or scored by the creditor." The word "actually" is doing significant work in that sentence. A post-hoc approximation of what the model might have been doing is arguably not a description of what the model actually considered.

The FTC and CFPB have brought enforcement actions that reinforce this reading. In CFPB v. Fairway Independent Mortgage Corp. (2023 consent order, $1.9 million penalty), the Bureau demonstrated its willingness to scrutinize lending practices for ECOA compliance. While that case focused on advertising discrimination rather than model explainability, the enforcement posture is clear. The Bureau has the tools, the mandate, and the inclination to go after lenders whose AI systems produce decisions they cannot adequately explain.

What Some Lenders Are Doing (and Whether It Works)

The industry has broadly adopted three strategies, each with tradeoffs:

Inherently interpretable models. Some lenders have moved back to logistic regression, generalized additive models (GAMs), or other glass-box approaches for final credit decisions. Cynthia Rudin's research group has shown that interpretable models can match or closely approach the accuracy of black-box models on structured tabular data like credit bureau files. The accuracy gap, when it exists, is often 1-2% in AUC, which is a reasonable tradeoff for regulatory compliance.
Surrogate model explanations. Others train a simpler, interpretable model to mimic the complex model's decisions, then generate reason codes from the surrogate. This is widespread but legally fragile. The surrogate's explanations describe the surrogate's logic, not the actual model's logic. If a regulator asks whether the reason codes reflect the factors "actually considered," the honest answer is no.
Constrained architectures. A growing number of lenders use models that are complex enough to capture nonlinear patterns but architecturally constrained to produce traceable decision paths. Monotonic gradient-boosted trees, for example, can enforce directional constraints (more debt always pushes the score in one direction) while still capturing interactions. These models produce reason codes that are both accurate and stable.

The third approach is gaining traction because it threads the needle. You get modeling flexibility without sacrificing the ability to generate compliant adverse action notices.

The Litigation Risk Is Not Hypothetical

Class action plaintiffs' attorneys have noticed the gap. In Gonzalez v. Loanpal (N.D. Cal., filed 2021), plaintiffs alleged that the lender's adverse action notices failed to provide meaningful reasons because the underlying model was opaque. The case settled, so there is no published opinion on the merits, but the theory of liability is sound and will be tested again. A lender sending reason codes generated by SHAP approximations of a neural network is exposed to the argument that those reasons are not "specific" within the meaning of FCRA Section 615(a).

The statutory damages under FCRA are $100 to $1,000 per violation (15 U.S.C. 1681n), which scales quickly in a class action covering thousands of denied applicants. Add punitive damages and attorney's fees, and the exposure is substantial.

The Practical Compliance Question

For compliance teams and general counsel at lending institutions, the question is not whether AI can be used in underwriting. It clearly can, and it offers real benefits in risk assessment. The question is whether your current model architecture allows you to generate adverse action notices that satisfy FCRA and Regulation B on their terms, not on the terms your data science team wishes the statute used.

This means compliance needs to be involved in model selection, not just model validation. If your data scientists select a deep learning architecture and your compliance team only sees the output after deployment, you have a process problem. The adverse action requirement should be a design constraint from the beginning of model development.

How FirmAdapt Addresses This

FirmAdapt's architecture treats regulatory requirements like FCRA adverse action obligations as first-order design constraints rather than post-deployment compliance checks. The platform enables organizations to build and deploy AI decision systems where explainability is structural, built into the model architecture itself, rather than approximated after the fact. This means the reasons surfaced for any given decision reflect the actual factors the model weighted, not a post-hoc reconstruction.

For lending institutions specifically, FirmAdapt provides audit trails that map each decision to its contributing factors in a format consistent with FCRA Section 615(a) and Regulation B requirements. The compliance documentation is generated contemporaneously with the decision, which addresses both the regulatory requirement and the evidentiary need if that decision is later challenged in litigation or examination.

Ready to uncover operational inefficiencies and learn how to fix them with AI?

Try FirmAdapt free with 10 analysis credits. No credit card required.

Get Started Free