Credit Decisioning & Scorecard Policy¶
| Code | CRE-003 |
| Domain | Credit Risk |
| Owner | Head of Credit Risk |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD05 |
| Review date | 2027-03-25 |
Regulations: APS 220 Credit Quality · CCCFA 2003 · ASIC RG 209¶
Purpose¶
Govern the development, validation, deployment, performance monitoring, and override management of credit scorecards and automated decision rules used in retail and small business credit decisioning. Ensures credit decisions are consistent, explainable, and non-discriminatory.
Scope¶
All automated and scorecard-assisted credit decisions for retail and small business customers in NZ and AU. Covers application scorecards, behavioural scorecards, pre-approval criteria, and automated decision rules applied in the credit decision engine.
Policy statements¶
All credit scorecards and decision rules SHALL be developed and validated in accordance with DT-005 (Model Risk Management Policy) before deployment to production. CRO sign-off is required before any new or materially changed scorecard or decision rule is deployed.
Scorecards and decision rules SHALL be subject to performance monitoring at least quarterly. Performance monitoring SHALL include Gini coefficient, Kolmogorov-Smirnov statistic, Population Stability Index (PSI), and default rate by score band. Significant performance degradation against defined thresholds SHALL trigger a scorecard review and, where warranted, a rebuild.
Automated credit decisions SHALL be explainable. Decline reasons SHALL be generated automatically for every declined application and disclosed to the customer upon request. The explanation SHALL identify the primary factors contributing to the decline outcome.
Scorecards SHALL not use protected characteristics — including race, gender, age (except where age is a legally required eligibility criterion), religion, disability, or family status — as direct inputs.
Scorecard override rates SHALL be tracked and reported to the CRO monthly. Override rates exceeding the defined threshold SHALL be reviewed. Overrides SHALL be documented with the reason and the authorising officer's identity. Patterns of override suggesting systemic scorecard issues SHALL trigger a scorecard review.
All automated credit decisions SHALL be logged in MOD-048 (system decision log) with the decision outcome, the score, the primary contributing factors, and the policy rules applied. The log provides the explainability and audit trail required for regulatory scrutiny.
The credit decision engine SHALL enforce a separation between scorecard development/validation and production deployment. No developer or model author SHALL deploy their own model to production without independent review.
All scorecard versions, validation reports, performance monitoring results, and deployment records SHALL be retained for 7 years.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-027 | Affordability calculator | LOG |
Affordability calculation is the credit decision artefact — consistent, auditable, regulator-ready |
| MOD-028 | Credit score & risk rating | LOG |
Scorecard governance — model version logged against every decision |
| MOD-029 | Pre-approval engine | LOG |
Every credit.credit_decisions row carries affordability_assessment_id FK, credit_score, risk_rating, model_version (via score reference), and policy_refs — enforced by ADR-048 Cat 1 immutability trigger; structural test confirms non-null model_version and affordability_assessment_id on every persisted decision. |
| MOD-048 | System decision log | LOG |
Every credit decision auditable — customer can receive explanation, regulator can inspect |
| MOD-128 | Credit bureau enquiry and CCR integration | GATE |
A credit enquiry must be completed and the bureau response recorded before the credit decision engine (MOD-029) can proceed to assessment — no decision is made without current bureau data. |
Part of Credit Risk · Governance overview
Compiled 2026-05-22 from source/entities/policies/CRE-003.yaml