Audit-first AI governance
Framework Brief

The decision record examiners actually want

When an AI-assisted decision is challenged, an examiner, auditor, or litigator asks the same five questions. This brief sets out the anatomy of a record that can answer them — grounded in bank model-risk and adverse-action expectations.

Something will eventually go wrong with an AI-assisted decision. A loan that should have been approved gets denied. A flag that should have fired stays silent. A vendor model behaves differently in production than it did in validation. When that happens, the conversation is no longer about model accuracy or throughput. It is about accountability. And the person across the table — an examiner, an internal auditor, a plaintiff's counsel — asks a remarkably consistent set of questions.

What was decided? By whom, or by what? On what basis? With what evidence? And could a human have intervened?

The hard part is not answering those questions in principle. It is answering them with a record that was created at the moment the decision happened, rather than reconstructed after the fact. A log you assemble later — pulling timestamps from one system, model outputs from another, and an analyst's recollection from a third — is not the same thing as a record. It is a reconstruction, and everyone in the room knows the difference. The reconstruction is built by the party with an interest in the outcome, after the outcome is known. That is exactly the circumstance in which contemporaneous evidence is most valued and after-the-fact narrative is most discounted.

This brief describes the record that survives that scrutiny: what it must contain, why each element is there, and how it maps to expectations regulated institutions already answer to.

Why "the model said no" is not a record

Two well-established regimes make the standard concrete.

The first is bank model-risk management — the supervisory lineage anchored by SR 11-7 and associated with the OCC and the Federal Reserve. Its durable pillars are documentation of how a model works and is used, independent validation and effective challenge, governance and controls, and ongoing monitoring. The throughline is that a consequential model cannot be a black box trusted on faith. Someone independent of the people who built and run it must be able to examine what it did and challenge it — and that examination depends on a documentary trail that exists whether or not anyone has yet asked for it.

The second is adverse-action notice under ECOA and Regulation B. When a creditor denies an application, the applicant is entitled to the specific and accurate principal reasons for that denial. This is the rule that exposes the gap most clearly. "The model declined the application" is not a reason. "The score fell below threshold" is not a reason. The institution must be able to state the actual factors that drove the outcome, accurately, for that applicant. If the deciding system did not record which factors and which evidence produced the verdict at the time it produced it, the institution is left inferring reasons after the fact — and an inferred reason is neither demonstrably specific nor demonstrably accurate.

Both regimes, read plainly, demand the same thing: a record made in the moment that ties a decision to its basis. Neither is satisfied by an explanation generated later.

Anatomy of a defensible AI decision record

A record that can answer the five questions is not a free-text note. It is a structured artifact with named parts, each carrying its own evidentiary weight. Here is what belongs in it.

The actor and its authority

Name the agent that proposed the action and the bounds it was permitted to operate within. A defensible record does not just say what happened; it establishes that the actor was authorized to make this class of decision in the first place. An action that falls outside declared authority is itself a finding — and the record should show that the boundary existed before the action, not that it was drawn afterward.

The proposed action

State the specific action under consideration — approve this application, flag this transaction, release these funds — before the verdict. Separating the proposal from the outcome is what makes the next elements meaningful: you can see what was checked against what.

The policy and rules checked, with pass/fail per check

This is the spine of the record. List the policies, rules, and limits evaluated, and the result of each one individually — passed, failed, not applicable. A single overall verdict is not enough. Effective challenge requires seeing the checks decompose, so a reviewer can challenge any one of them. This is also where adverse-action reasons live: the specific checks that failed are the specific, accurate reasons a denial requires.

The evidence cited

Each check should point to the evidence it relied on — the document, the data field, the prior record. Evidence cited at the time of decision is verifiable. Evidence produced when a reviewer asks for it is, at best, a reconstruction of what was probably consulted.

The verdict

The outcome — allow, block, or escalate — stated explicitly and tied to the checks above. A clean record makes the verdict a consequence of the checks, not an assertion alongside them.

The human approver, where one was required

If the action was escalated rather than taken autonomously, the record names the human who reviewed it and what they approved. This is the element that answers "could a human have intervened?" — not as a policy claim, but as a fact in the record for this specific decision.

A tamper-evident signature

The record carries a cryptographic signature so that any later alteration is detectable. Without it, an append-only claim is just a promise. With it, the record's integrity is something a third party can verify rather than take on trust.

Append-only preservation with supersession lineage

The record is never edited in place. If a decision is revisited or reversed, a new record supersedes the old one and the lineage between them is preserved. The original is not erased — it is retained, with its successor linked. This is what lets a reviewer reconstruct not just the final state but the sequence of judgments that led there, which is frequently the question that actually matters.
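The anatomy above, sketched as an added example; this is not KAiM Helm's code or record format. All field and function names, including the `needs_human` flag, are hypothetical, and HMAC-SHA256 stands in for the signature so the sketch runs on the standard library alone.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC-SHA256 stands in for the signature so this runs on
# the standard library; third-party verification needs an asymmetric scheme.
KEY = b"constructed-demo-key"
# Constructed sample checks for one denied application.
SAMPLE_CHECKS = [{"rule": "dti_limit", "result": "fail", "evidence": "application.dti"},
                 {"rule": "identity", "result": "pass", "evidence": "kyc_document"}]

def _mac(body):
    # Canonical JSON so the same body always yields the same MAC.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def seal(actor, authority, action, checks, approver=None, supersedes=None):
    """Sign a record whose verdict is derived from its per-check results."""
    if action not in authority or any(c["result"] == "fail" for c in checks):
        verdict = "block"  # failed check, or action outside declared authority
    elif any(c.get("needs_human") for c in checks) and approver is None:
        verdict = "escalate"
    else:
        verdict = "allow"
    body = {"actor": actor, "authority": authority, "action": action, "checks": checks,
            "verdict": verdict, "approver": approver, "supersedes": supersedes}
    return {"body": body, "sig": _mac(body)}

def verify(record):
    return hmac.compare_digest(_mac(record["body"]), record["sig"])

def failed_reasons(record):
    """Failed checks with the evidence each cited at decision time."""
    return [(c["rule"], c["evidence"]) for c in record["body"]["checks"]
            if c["result"] == "fail"]

def append(ledger, record):
    """Append-only: existing entries are never overwritten or removed."""
    prior = record["body"]["supersedes"]
    if not verify(record) or record["sig"] in ledger:
        raise ValueError("bad signature or duplicate record")
    if prior is not None and prior not in ledger:
        raise ValueError("supersedes an unknown record")
    ledger[record["sig"]] = record

def lineage(ledger, sig):
    """Walk from a record back through every record it superseded."""
    chain = []
    while sig is not None:
        chain.append(ledger[sig])
        sig = ledger[sig]["body"]["supersedes"]
    return chain
```

Because `supersedes` sits inside the signed body, a record's link to its predecessor cannot be redirected without invalidating the signature.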

How this maps — and where it stops

Mapped honestly, this record supports the regimes above. It gives model-risk validation a contemporaneous, decomposable trail to challenge. It gives adverse-action notice the specific failed checks that constitute accurate reasons. It produces audit artifacts as a byproduct of operation rather than as a reconstruction project.

What it does not do is replace an institution's own governance. A signed record does not validate a model — independent validation does. It does not write the adverse-action notice — it supplies the accurate inputs the notice is built from. It does not substitute for the institution's policies, its second line of defense, or its supervisory relationships. KAiM Helm produces the evidentiary foundation; the institution's governance program is what stands on it. Anyone who tells you a record format satisfies a regulatory regime on its own is overclaiming, and examiners notice overclaiming.

KAiM Helm produces a signed, reproducible decision record — with the anatomy above — for every action it evaluates, at the moment of evaluation. It is at the design-partner and controlled-demonstration stage; the controls described here are real and demonstrable, and we make no customer-deployment or certification claims.

Key takeaways


The institutions that come through an AI-related examination cleanly are not the ones with the best after-the-fact explanation. They are the ones whose evidence was captured as the decision happened, in a form built to be examined.

If you want to see how your own AI-assisted decisions would hold up against the five questions — what is captured at the moment of decision today, and where the record has gaps — start with a Control Gap Assessment. It is a scoped read of your AI decisions against the record anatomy above, with honest status for each element.