BUY SIDE · FINTECH DILIGENCE

AI due diligence for FinTech acquisitions.

Credit scoring, underwriting, and fraud detection AI trigger ECOA adverse action obligations and EU AI Act Annex III classification. Most are undisclosed in data rooms.

SECTION 01

Why FinTech is different.

EU AI Act Annex III §5(b) classifies creditworthiness AI as high-risk. Conformity assessment, technical documentation, and post-market monitoring obligations attach.

Adverse action notices that do not reflect the model logic violate ECOA / Reg B. The CFPB has issued specific guidance on AI in lending.

Black-box credit models cannot meet ECOA explainability requirements. Most FinTech targets carry this exposure quietly.

IRON EXCERPT SAMPLE

IRON · FinTech sample

Series B · ML credit underwriting

ML credit scoring · ECOA

Disparate impact analysis not documented

Annex III §5(b) creditworthiness

Conformity assessment required

Model explainability gap

Black-box references in job postings

BSA/AML model risk

Vendor SOC 2 stale; CFPB MRM gap

SECTION 02

What IRON finds in FinTech deals.

ML credit scoring (ECOA)

Detected via engineering postings. Disparate-impact analysis not publicly documented.
Annex III creditworthiness AI

Triggers mandatory conformity assessment under EU AI Act Article 43.
Model explainability gap (CFPB)

Black-box model references conflict with CFPB AI-in-lending guidance.
BSA/AML model risk

Vendor model risk attestations stale or missing.

SECTION 03

Frameworks that apply.

Framework	Trigger	Obligation
EU AI Act	Art. 6, Annex III §5(b)	Creditworthiness classification, conformity assessment
ECOA / Reg B	Adverse action notices	Model logic explainability for adverse decisions
CFPB Model Risk	AI in lending guidance	Documentation, monitoring, vendor management
Colorado AI Act	SB 24-205	Consequential decision disclosures, impact assessment

Questions about a FinTech deal?

Book a 20-minute call →