Primary sector: Banking

FICO Falcon Fraud Manager + FICO Score AI

Fair Isaac Corporation · EFROS US AI Vendor Governance Index entry

By Stefan Efros, CEO & Founder, EFROS
Reviewed by Daniel Agrici, Chief Security Officer, EFROS

Composite governance score

80 / 100 (grade B)

B = strong posture. Deployable in regulated workloads with documented compensating controls.

Axes scored: 9 / 11
Trust-center maturity: 4 / 5
Sector weighting: Banking

About this vendor

Decades-deep machine-learning portfolio across fraud detection (Falcon) and credit decisioning (FICO Score 10 T). The reference SR 11-7 documentation in the industry; most US banks already operate against FICO's validation patterns.

Enterprise tier: FICO Falcon Fraud Manager, FICO Score 10 T (ML-driven credit scoring), FICO Platform
Vendor homepage: https://www.fico.com

Twelve-axis governance scoring

Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).

| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | FICO signs DPAs / data-handling agreements for enterprise customers. BAA available where PHI exposure exists in customer datasets. | FICO Trust |
| Training-data opt-out | Yes | Customer transaction data is processed under contracted purpose limitation; not used for cross-customer model training without explicit consortium opt-in. | FICO Trust |
| US data residency option | Yes | US data residency available for US bank customers. FICO operates US-region data centers + AWS GovCloud for federal-aligned deployments. | FICO Trust |
| SOC 2 Type II report | Yes | FICO holds SOC 2 Type II, ISO 27001, FedRAMP. Most banks have FICO compliance documentation already on file. | FICO Trust |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation as of May 2026. | Public posture review |
| NIST AI RMF self-attestation | Partial | FICO publishes a Responsible AI framework with explicit NIST AI RMF mapping; no formal self-attestation document. | FICO Responsible AI |
| Colorado AI Act readiness | Partial | FICO has publicly engaged on the Colorado AI Act and deployer-responsibility documentation for credit decisioning customers. | FICO customer documentation |
| HHS-OCR Section 1557 readiness | N/A | Banking-vertical positioning. | FICO positioning |
| FRB SR 11-7 readiness | Yes | FICO model documentation is the reference SR 11-7 validation packet in the credit-scoring industry. Validation reports, conceptual soundness reviews, ongoing performance monitoring all packaged for examiner review. | FICO SR 11-7 documentation packet |
| ABA Formal Op 512 readiness | N/A | Banking-vertical positioning. | FICO positioning |
| Subprocessor list public | Yes | FICO subprocessor list available to enterprise customers. | FICO Trust |

Trust-center maturity

4 / 5

Mature compliance documentation, broad certificate library, SR 11-7-grade model validation reports. AI-specific governance documentation (Colorado AI Act, ISO 42001) trails platform certifications.

Source: FICO Trust

Deep dive

Overview

FICO is the default safe-choice AI vendor for US banks because the SR 11-7 documentation packet is already what every examiner expects. Forty-plus years of credit-scoring model validation is now extended to ML-driven fraud detection (Falcon) and credit scoring (FICO Score 10 T). The governance posture is the strongest in the banking category because validation isn't an add-on — it's the product.

Strengths

  • Reference SR 11-7 validation documentation
  • FedRAMP + SOC 2 + ISO 27001 compliance stack
  • BAA-eligible for PHI overlap; DPA standard for enterprise
  • Public Responsible AI framework with NIST AI RMF mapping

Weaknesses

  • No ISO/IEC 42001 attestation
  • Pricing structure can be opaque at smaller community-bank scale
  • AI-specific governance documentation trails core platform certifications

Best-fit use case

Mid-market and large US banks running fraud detection or credit decisioning where examiner expectations have already standardized on FICO documentation. Lowest-friction SR 11-7 audit posture in the banking category.

Avoid when

Smaller community banks (under $500M AUM) where the licensing economics don't amortize and lighter-weight alternatives like Hummingbird (AML) or Unit21 (transaction monitoring) match the actual exposure.

Operator's take

Deploy FICO Falcon Fraud Manager + FICO Score AI at mid-market and large US banks running fraud detection or credit decisioning where examiner expectations have already standardized on FICO documentation; it offers the lowest-friction SR 11-7 audit posture in the banking category. The composite score of 80 (grade B) reflects a defensible posture for regulated US workloads. Skip the vendor at smaller community banks (under $500M AUM) where the licensing economics don't amortize and lighter-weight alternatives like Hummingbird (AML) or Unit21 (transaction monitoring) match the actual exposure. In every deployment, treat the cells above as a snapshot: the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.

How this scoring is computed

The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.


Disagree with this scoring?

EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).

Disagree with a score?

Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for FICO Falcon Fraud Manager + FICO Score AI, submit a formal challenge — we re-verify against the source and respond within 14 days.


Disclaimer. Scoring as of 2026-05-13. Posture changes frequently — re-verify with the vendor's trust center before contract. This page is informational; it is not legal advice. EFROS clients get a refreshed posture review as part of the AI Governance Audit.
