Financial Services AI

AI for credit risk in Australian lending: models, CPS 230 and explainability

How Australian lenders can use AI for credit risk — scoring, early-warning and collections — while meeting APRA CPS 230 operational-risk, model risk and explainability expectations that make black-box models hard to deploy in lending decisions.

Quantum Associates — Quantum Associates

· 7 min read

Credit risk is where lending lives or dies, so it is also where the temptation to reach for a smarter model is strongest. Gradient-boosted trees and, increasingly, neural approaches genuinely out-predict the old logistic scorecards on default and delinquency. But a lending decision is not a Kaggle leaderboard. You have to explain it to the customer you just declined, defend it to APRA, and keep the whole thing running when a data feed silently breaks at 2am on a Sunday.

The summary you can act on: AI for credit risk pays off first in the places where a human still makes the final call — early-warning signals, collections prioritisation, and analyst triage — not in the fully automated accept/decline decision, where explainability and adverse-action obligations quickly erode the accuracy advantage of a black-box model. Get the operating model right before you get the algorithm clever.

Where AI actually earns its keep in credit risk

There are three families of use case, and they carry very different risk profiles.

Origination and scoring. This is the obvious one: predict probability of default at application and through the book. Machine-learning scorecards routinely lift discrimination (the Gini or AUC) over a traditional scorecard, especially on thin-file and near-prime segments where linear models struggle. The catch is that origination is also the most heavily scrutinised decision you make. A better AUC that you cannot explain to a declined applicant or an APRA reviewer is a liability, not an asset.

Early-warning systems (EWS). Here the economics are cleaner. Models that flag accounts drifting toward stress — from transaction patterns, missed-payment precursors, changing balances, or external signals — let you intervene early with a hardship conversation or a restructure. Nobody gets declined by an EWS; a human does. That single fact removes most of the adverse-action and explainability burden and makes EWS the highest-return, lowest-friction place to start.

Collections and hardship optimisation. AI can rank which accounts to contact, when, and through which channel, and can predict who will self-cure versus who needs active help. Done well, this is both commercially sensible and better for customers in genuine hardship. Done badly, it becomes an automated pressure engine that ignores vulnerability — which is exactly the kind of thing that attracts regulatory and reputational damage. Treat collections optimisation as a decision-support tool with hardship and vulnerability guardrails baked in, not a fully automated dialler.

The pattern across all three: the value is highest and the regulatory friction lowest wherever a competent human remains in the loop on the consequential decision. For a deeper view of the sector context, see our note on financial services.

The explainability wall — and why it is real

Australian lenders operate under an adverse-action reality even without a single named statute forcing it: responsible lending obligations, the Banking Code, ASIC’s expectations, and plain customer-service pressure all mean that when you decline someone or price them up, you need a defensible reason. “The model said so” is not a reason.

This is where black-box AI hits a wall in origination. Two things matter:

  • Global explainability — you can describe, at the model level, which factors drive the score and confirm none of them are prohibited or proxying for something prohibited.
  • Local (per-decision) explainability — for any individual outcome, you can produce the specific reasons that decision went the way it did.

Techniques like SHAP values give you post-hoc local explanations for tree ensembles, and they are useful. But be honest about their limits: a SHAP attribution is a mathematical decomposition of a model’s output, not a legally robust “reason for decline” in the way a scorecard’s reason codes are. When two correlated features share credit, the attribution can look arbitrary to a customer. Regulators and internal audit are increasingly alert to the difference between a plausible-sounding explanation and one you can actually stand behind.

The practical consequence: many Australian lenders keep an interpretable model (a monotonic scorecard or a constrained GBM with enforced monotonic constraints) as the decision engine at origination, and reserve richer models for ranking, prioritisation, and challenger analysis. A constrained model that is 1 or 2 points of Gini behind the black box, but whose reason codes you can defend, is usually the better business decision.

CPS 230 turns your model into an operational-risk problem

From mid-2025, APRA’s CPS 230 reframes how you have to think about any material system in a regulated entity — and a credit-decisioning model is squarely in scope. The standard is about operational risk management, business continuity, and service-provider management, and it forces three questions that most credit teams have historically waved away:

  1. Is this a critical operation? Origination and collections decisioning almost certainly are. That means you need defined tolerance levels for disruption, tested continuity arrangements, and a clear-eyed view of what happens when the model or its data pipeline fails.

  2. Who are your material service providers, and can you manage the risk? If your model runs on a cloud ML platform, calls an external bureau or data enrichment API, or was built by an external vendor, those are third parties whose failure is now your board’s problem. You need to identify them, assess concentration risk, and have arrangements you can actually invoke.

  3. Can you keep operating when it breaks? This is the question AI teams find most uncomfortable. What is the fallback when the model is unavailable, returns garbage because an upstream feature drifted, or has to be pulled after a fairness incident? “Revert to the previous scorecard” is a legitimate answer — but only if that scorecard still exists, is maintained, and someone has tested the switchover.

CPS 230 does not ban sophisticated models. It insists you treat them as critical infrastructure with continuity, tolerances, and third-party discipline. Pair it with CPS 234 for the information-security dimension of the same systems. Our companion piece on AI for APRA-regulated entities works through how these obligations interact.

Model risk management is not optional here

Even setting the regulator aside, credit models fail in expensive, quiet ways. Populations shift. A booking-system change alters how a field is captured. A macro turn means the relationships your model learned on 2015–2019 data no longer hold. The discipline that catches this is model risk management (MRM), and for credit risk it needs to cover the full lifecycle:

  • Development standards — documented data lineage, feature definitions, sampling, and a clear statement of intended use and known limitations.
  • Independent validation — someone who did not build the model checks it, ideally before deployment and periodically after. Independence is the point; a model validated only by its authors is not validated.
  • Ongoing monitoring — population stability indices, score distribution drift, override rates, and — critically — outcome monitoring that compares predicted versus actual default over time as vintages mature.
  • Change control and a model inventory — you know every model in production, its owner, its last validation date, and its fallback.

Fold these controls into your enterprise risk framework rather than running them as a data-science side process. Our AI governance work is built around making MRM something a board and a CRO can see and rely on, not a spreadsheet nobody opens.

Data and fairness — where the quiet failures hide

Credit models are only as fair and as robust as the data underneath them, and this is where the hardest problems live.

Proxy discrimination is the big one. You would never feed a model a prohibited attribute directly — but postcode, device type, spending categories, and account tenure can all encode it indirectly. A model optimising purely for default prediction will happily exploit a proxy for a protected characteristic if it is predictive. Detecting this requires deliberate fairness testing: measuring outcome and error-rate differences across segments, and being willing to accept a small accuracy cost to remove a variable that is doing discriminatory work.

Data quality and drift cause the failures nobody sees coming. A feature that was 98% populated at build time can quietly fall to 60% after a system migration, and a model will keep emitting confident scores off the degraded input. Monitoring input data health is as important as monitoring the score.

Reject inference and survivorship. Your performance data only exists for applicants you approved. Train naively on that and you bake in the biases of past decisions. Handling this properly — through reject inference or careful challenger strategies — is a mature-team discipline, not a nice-to-have.

Capture all of this — proxy risk, drift, fallback, vendor concentration, fairness gaps — in a living AI risk register that ties each risk to an owner, a control, and a review date. A risk you have named and assigned is manageable; one living in a data scientist’s head is not.

A sensible sequence

If you are starting from a traditional scorecard estate, resist the urge to rip and replace. A defensible path looks like:

  1. Deploy AI first in early-warning and collections prioritisation, where a human stays in the loop and the explainability burden is lightest.
  2. Run advanced models as challengers to your production scorecard in origination — measuring the real, defensible accuracy uplift after you constrain for interpretability.
  3. Stand up MRM, monitoring, and CPS 230 continuity before, not after, anything touches a live accept/decline decision.
  4. Only then consider promoting a constrained, explainable ML model to a decisioning role — with reason codes and a tested fallback.

AI for credit risk in Australian lending is a genuine opportunity, but the winners will be the lenders who treat it as a governance and operations problem that happens to involve clever maths — not the other way round. If you are weighing where to start, or need an independent read on a model estate you already have in production, get in touch. We are model-agnostic and vendor-neutral, and we will tell you where the accuracy is real and where it is going to cost you more than it earns.

Next step

Want to talk about this with a senior partner?

30 minutes, no pitch, no deck — just a working conversation about how this applies to your situation.