A European Bank Just Asked How Your AI Credit Scoring Tool Handles Adverse Action Notices: Answering the Article 13 and 86 Explainability Questions

The vendor risk team at a mid-sized European bank just sent over a 52-question AI governance questionnaire. You're on page 3 — "Automated Decision Transparency" — and question 14 reads:

"When your AI system contributes to a credit denial or adverse pricing decision, what information does the applicant receive to explain the outcome?"

If your product scores creditworthiness, ranks applicants, or influences loan pricing, this question is about you. Here's how to answer it — and why EU AI Act Articles 13 and 86 are the two provisions you need to master before your next procurement call.

Why Credit AI Gets Double Scrutiny

Credit scoring AI sits squarely in EU AI Act Annex III point 5(b): "AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score." That's a mandatory high-risk classification with no wiggle room.

But the bank asking you this question has a second layer of pressure: EU AI Act Article 86 gives affected individuals the right to obtain "meaningful explanations" of high-risk AI decisions that significantly affect them. The bank, as deployer, must be able to provide those explanations. They need to know your system makes that possible.

The 4 Questions You'll Actually Get

1. "What explanation does your system provide when an applicant is denied or receives adverse pricing?"

What they're asking: Can the bank give the applicant a meaningful, individualized explanation — not a boilerplate statement — of why the AI reached its output?

How to answer: Be concrete about what your system produces at the time of a decision. Strong answers describe the output in terms of the most influential features — for example: "The three most significant factors in this decision were debt-to-income ratio, recent credit inquiries, and employment tenure" — rather than abstract model scores. If your system produces a ranked list of contributing factors with directional indicators (what increases or decreases approval probability), describe that output format explicitly.

Weak answers say "the model produces a score between 0 and 1." Procurement teams know this tells them nothing useful for adverse action notices.

2. "Can an applicant or their representative challenge an adverse AI-influenced decision and receive human review?"

What they're asking: Is there a pathway for the bank to fulfill Article 86 right-to-explanation and GDPR Article 22 right not to be subject to purely automated decisions?

How to answer: Article 22 of GDPR already requires this pathway for fully automated decisions with significant effects. Under EU AI Act Article 86, high-risk AI deployers must enable individuals to obtain an explanation and request human review. Your answer needs to address both.

Describe whether your system supports a "flag for human review" workflow — where a flagged application bypasses the automated output and goes to a human underwriter. If the bank must implement that workflow on their side, say so, but confirm your system produces the input information (explanation and contributing factors) needed to make that review meaningful.

3. "How do you ensure explanations remain accurate after model retraining?"

What they're asking: If your model is retrained on new data and feature importance shifts, does the explanation logic update automatically? Could a deployed explanation mechanism become out of sync with actual model behavior?

How to answer: This is a model governance question. Describe your model versioning and explanation validation process. If you run automated tests that verify explanation fidelity after each retraining cycle — checking that the factors your system reports as most influential actually are the most influential — say so.

If your explanation layer is tightly coupled to a specific model version and retraining requires re-validating the explanation component, acknowledge the dependency and describe the validation gate that prevents deployment of a retrained model with a mismatched explanation layer.

4. "Do you provide output that satisfies GDPR Article 22 'meaningful information' requirements, not just EU AI Act Article 13?"

What they're asking: Article 13 requires transparency about the system. Article 22 requires transparency about the specific decision. These are different obligations. The bank wants to know you cover both.

How to answer: Article 13 is satisfied by your system card, documentation, and general transparency materials. Article 22 is satisfied by per-decision, individualized explanation output. Confirm that your system produces both: system-level documentation for Article 13 (which you can share as a vendor artifact), and per-decision explanation output that the bank can deliver to applicants for Article 22 and Article 86 purposes.

If your per-decision explanation output is available via API for the bank to incorporate into their customer communications, mention that — it's the architectural pattern that makes deployer obligations tractable.

Why the Bank's Risk Team Is So Thorough

Banks operating in the EU are themselves regulated under EBA guidelines on internal governance and model risk management. When they ask your AI vendor these questions, they're not being difficult — they're filling in their own vendor risk assessment for their regulator. Your clear, technical answers directly reduce their compliance workload.

The CTOs who close enterprise banking deals fastest are the ones who can drop a precise, documented answer into the procurement portal within 48 hours. That speed signals organizational readiness more than any feature checklist.

Try Complizo free at complizo.com