AI governance questions every lending RFP should include

• Put these questions to any vendor that uses the word "AI" — in underwriting, pricing, servicing, or collections.
• Ask the vendor to answer for each AI feature separately; "our AI is governed" is not an answer until it is attached to a specific feature and a specific control.
• Watch for the difference between a deterministic decision and a model-driven one, and ask which is which for every decision that touches money.
• Treat "the model decides" as the start of a conversation about guardrails, not the end of one.

Two terms recur below. A deterministic core means the rules that change the book are explicit, versioned code that produces the same output every time, not a model’s probabilistic inference. Agent-as-principal means an AI agent acting on the system as if it were a user — which makes the question of what it is allowed to do, and what is recorded when it does, a governance question, not a feature.

1. For each decision the platform makes, is the logic deterministic code or a model’s output?
2. Which money-moving actions — pricing, disbursal, charge, waiver — are model-influenced?
3. Can the lender see, and version, the exact rules behind a deterministic decision?
4. Where a model is used, does it advise a deterministic step, or does it act directly?
5. Can a model’s influence be turned off per decision without the platform losing that function?

1. What are the hard limits on every AI action — amount, product, rate, customer segment?
2. Are guardrails enforced by the platform, or are they prompts the model is asked to respect?
3. Who sets and changes the guardrails, and is each change maker-checker approved and audited?
4. What happens when the model proposes an action outside the guardrail — blocked, or flagged?
5. Can guardrails differ by tenant, partner, product, and risk level?

1. Is every AI action recorded with the same actor / action / evidence / before-after structure as a human action?
2. Are the prompt, the data the model read, and the response captured, not just the outcome?
3. Is the AI audit trail in the same system as the human audit trail, or a separate log?
4. Can the lender reconstruct, after the fact, exactly why the AI proposed what it proposed?
5. Is the trail tamper-evident, so an AI action cannot be edited out of the record?

1. Which AI actions execute automatically, and which require a human approver?
2. Is maker-checker enforced on AI-proposed state-changes the same way it is on human ones?
3. Can a human see the evidence behind an AI proposal before approving it?
4. Can the approval threshold be tuned — more oversight on higher amounts or higher risk?
5. Is there a clear record of who approved an AI-proposed action, and when?

1. For any AI-influenced decision, can the platform produce a reason a human can read?
2. Is the explanation derived from the actual decision, or generated separately after the fact?
3. For an adverse decision, can the lender meet its obligation to tell the borrower why?
4. Are the inputs to a decision — the features and data used — visible to the lender?
5. Can the lender challenge or correct an explanation that does not match the outcome?

1. Is the lender’s borrower data used to train the vendor’s models?
2. If so, is it used only for this lender, or pooled across the vendor’s customers?
3. Can the lender opt out of model training entirely, and is opt-out the default?
4. Where does inference run, and does borrower data leave the residency boundary to reach a model?
5. Are model providers listed as sub-processors, with the same data terms as other sub-processors?
6. Is borrower data minimised, masked, or tokenised before any model sees it?

1. How is model performance monitored in production, and against what baseline?
2. Who is alerted when a model drifts, and what is the defined response?
3. How often are models retrained or recalibrated, and is the lender informed?
4. Is there a documented process to roll back a model version that degrades?
5. Can the lender see the version of every model that touched its book, and when it changed?

1. If the model is unavailable or times out, what does the platform do?
2. Does the system fail safe — hold the action for a human — or fail open and proceed?
3. Can the deterministic core continue to run the book with the model switched off?
4. Is a low-confidence model output treated differently from a high-confidence one?
5. Is every fallback event recorded, so the lender can see when the model was not in the loop?

1. When an AI agent acts on the system, does it act under its own identity, with its own permissions?
2. Are an agent’s permissions scoped by tenant, role, and organisational unit, like a user’s?
3. Who is accountable for an AI action — the lender, the vendor, or an unowned grey area?
4. Can the lender revoke or constrain an agent’s permissions without a vendor release?

Forty-five questions across nine themes. Ask them per AI feature; treat "the model decides" as the start of the guardrail conversation, not the end of it.

• Why does an RFP need separate AI governance questions at all?

  Because "AI" in a vendor demo can mean anything from a governed, bounded agent to a model that quietly makes money-moving decisions with no audit trail. The functional and security sections of an RFP rarely surface that difference. These questions do — they ask which decisions are deterministic, where the guardrails are, and what is logged when the AI acts.

• What is the difference between a deterministic core and a model making decisions?

  A deterministic core runs the book on explicit, versioned rules that produce the same result every time and can be read, audited, and rolled back. A model produces a probabilistic output that can drift and is harder to explain. The safest pattern is a deterministic core that runs the money-moving steps, with models advising inside guardrails — not models acting directly on the book.

• Is it a problem if a vendor uses AI to make decisions?

  Not in itself — models can sharpen underwriting, pricing, and collections. The problem is ungoverned AI: actions with no guardrail, no maker-checker, no audit trail, and no fallback. The questions here are not anti-AI; they are pro-governance. A good vendor will welcome them.

• What does "agent-as-principal" mean, and why ask about it?

  It means an AI agent acting on the platform as if it were a user — reading data and proposing or taking actions. If an agent can act, then its identity, its permissions, what it is allowed to do, and what is recorded when it does become governance questions. A vendor that has thought about this can answer them; one that has bolted AI on cannot.

• How should we score a vendor whose AI takes actions automatically?

  Ask what guardrails bound it, whether a human approves state-changes, what is logged, and what happens when the model is unavailable. Automatic action is not disqualifying; automatic action with no guardrail, no maker-checker, and no audit trail is. Score the controls, not the adjective.

• Does borrower data have to train the model for the AI to be useful?

  No. Many useful AI features run on a lender’s data at inference time without that data ever training a shared model. Ask whether training uses borrower data, whether opt-out is the default, and whether model providers are listed as sub-processors with proper data terms. Useful and privacy-respecting are not in tension.