CFPB + Banking-Supervisor AI Readiness Evidence Bundle v0.1 draft. Profile of the Evidence Bundle spec scoped to evidence an institution's program toward CFPB AI bulletin (2023), CFPB Section 1071 small business lending, CFPB Section 1033 financial data rights, CFPB UDAAP, OCC/FRB/FDIC joint statement on use of AI (2023), OCC Bulletin 2011-12 model-risk-management, FRB SR 11-7, ECOA Reg B (12 CFR Part 1002), FCRA Reg V (12 CFR Part 1022), GLBA Safeguards (16 CFR Part 314), and BSA/AML (31 CFR Part 1010). Names 8 obligation families, required evidence kinds per family, freshness windows, and the decision-document conventions a CFPB examiner + OCC/FRB/FDIC banking supervisor + state-banking-regulator examiner + outside banking counsel expect.
Part of the Kinetic Gain Protocol Suite.
Status: v0.1 draft. Profile at
profile.json, canonical example atexamples/meridian-cfpb-2026q4/.
| Code | Citation | Required evidence kinds (excerpt) |
|---|---|---|
| model-risk-management | OCC Bulletin 2011-12 + FRB SR 11-7 + OCC/FRB/FDIC joint AI statement (2023) | mrm-policy-document · per-model-risk-tier-classification · per-model-validation-report · per-model-ongoing-monitoring-report · per-model-change-management-record · mrm-governance-committee-minutes |
| ecoa-reg-b-fairness | ECOA 15 USC §1691 + Reg B 12 CFR Part 1002 | ecoa-notice-templates · ecoa-reason-code-dictionary · ecoa-25-month-recordkeeping-log · fair-lending-self-test-results |
| fcra-reg-v-credit-bureau-handling | FCRA 15 USC §1681 + Reg V 12 CFR Part 1022 | fcra-permissible-purpose-certifications · fcra-consumer-dispute-pathway-documentation · fcra-section-615-notice-templates · fcra-accuracy-and-integrity-policy |
| glba-safeguards | GLBA 16 CFR Part 314 + 12 CFR Part 1016 | glba-wisp-document · glba-qualified-individual-designation · glba-third-party-service-provider-list · glba-incident-response-plan · glba-annual-report-to-board |
| bsa-aml | BSA 31 USC §5311 + 31 CFR Part 1010 + FinCEN guidance | bsa-aml-policy-document · kyc-procedures-document · sar-filing-process-documentation · ofac-screening-evidence · ai-augmentation-governance-attestation |
| section-1071-small-business | 12 CFR Part 1002 Subpart B | section-1071-lar-snapshot · section-1071-firewall-attestation · section-1071-annual-submission-receipt · section-1071-edit-error-report |
| section-1033-financial-data-rights | 12 CFR Part 1033 (proposed / finalized; conditional per phase-in) | section-1033-authorized-third-party-list · section-1033-consumer-data-portability-pathway-documentation · section-1033-data-minimization-attestation |
| cfpb-udaap | 12 CFR Part 1031 + CFPB UDAAP examination manual + 2023 AI bulletin | udaap-policy-document · complaint-handling-procedure · complaint-trend-analysis · ai-dark-pattern-monitoring-evidence |
| Family | Window |
|---|---|
| MRM validation | P365D |
| MRM ongoing monitoring | P90D |
| ECOA recordkeeping | P760D (25-month minimum per 12 CFR §1002.12) |
| FCRA accuracy/integrity review | P365D |
| GLBA annual report | P365D |
| BSA/AML independent test | P365D |
| Section 1071 annual submission | P365D |
| UDAAP complaint trend analysis | P90D |
examples/meridian-cfpb-2026q4/ — Meridian Financial's 2026 Q4 CFPB readiness bundle covering three in-scope AI systems (VendorF CreditMind v4.x + Meridian internal FraudShield v6.2 + VendorG AMLSentry v2.x), 11 evidence items across the eight families. Cross-references the financial-decision-record-audit-stream extract under the ecoa-reg-b-fairness family.
| Repo | Role |
|---|---|
evidence-bundle-spec |
Base spec |
financial-decision-record-audit-stream |
Audit-stream extracts feed ecoa-reg-b-fairness + cfpb-udaap families |
state-financial-ai-disclosure-tracker |
Identifies which state's overlays apply atop the federal floor |
hipaa-readiness-evidence-bundle |
Sibling HealthTech compliance bundle |
ferpa-readiness-evidence-bundle |
Sibling EdTech compliance bundle |
respa-readiness-evidence-bundle |
Sibling PropTech compliance bundle (mortgage-specific overlay atop ECOA + FCRA + GLBA) |
naic-ai-bulletin-readiness-evidence-bundle |
Sibling InsurTech compliance bundle |
eeoc-readiness-evidence-bundle |
Sibling HR Tech compliance bundle |
FinTech-readiness scaffolding for CFPB + OCC + FRB + FDIC + ECOA + FCRA + GLBA + BSA/AML + Section 1071 + Section 1033 readiness. Supports an institution's program toward CFPB examination readiness, OCC/FRB/FDIC supervisory examination readiness, Section 1071 LAR submission readiness, fair-lending self-testing readiness, BSA/AML independent-test readiness, and state-banking-regulator examination readiness. Does not by itself establish compliance with any of those statutes or rules. Per the standing public-language guardrail: readiness · evidence · posture · controls · scaffolding — never "CFPB-compliant" or "ECOA-attested" without an external attestation.
MIT — see LICENSE.