Blue Sage Data Systems
A use case we run for Omaha banks and credit unions

AI for loan processing — Omaha

Loan packet summarization, BSA/AML triage, exception flagging, member communication drafts — designed for FNBO-class community banks and Centris-class credit unions. With the third-party governance OCC 2023-17 requires.

Lincoln companies asking the same? See the Lincoln view →

Text Rosey · Schedule a call →

The workflow, end to end

What goes in, what the AI does, what comes out, what your team gets back.

Input
Loan packet + applicant docs + policy + BSA/AML signals
Work
Summarize the packet, flag missing documents, triage BSA/AML signals, draft adverse-action language where required
Output
Reviewable loan summary, exception list, BSA/AML triage queue, draft adverse-action letters when applicable
Saved
25–45 minutes per loan packet; faster turn for clean packets, sharper triage on exceptions

What this looks like in production

Loan processing is dense paperwork with regulator-mandated decision points — exactly the workflow shape AI handles well in an assistive architecture. The work that runs an FNBO-class Omaha bank or a Centris-class credit union is heavy on document review, BSA/AML triage, exception handling, and consistent adverse-action communications. AI drafts; the loan officer or underwriter approves.

In production: a loan packet enters the workflow with all the standard docs (application, income verification, asset statements, AVM, title, etc.). AI summarizes the packet, flags missing or stale documents, triages BSA/AML signals, and (where adverse action is indicated) drafts the language a loan officer would otherwise write from scratch. The officer reviews everything material, edits or overrides where needed, and approves.

The governance discipline is OCC Bulletin 2023-17 (and FDIC FIL-29-2023, FRB SR 23-4) third-party guidance — your AI vendor is a third party, and the bank's responsibility for safety, soundness, and consumer protection isn't diminished by using one. OCC 2026-13 model risk management (April 2026) explicitly excludes generative and agentic AI from its scope, with an interagency RFI anticipated. NCUA supervises AI through existing third-party rules (Letters 07-CU-13 and 01-CU-20). Whichever applies, the audit-trail discipline is the same.

How we run it

  1. Two-week diagnostic with loan operations leadership. Map the packet flow, the exception types, the BSA/AML signals, the adverse-action volume.
  2. Build inside the real loan origination system — your LOS, your document repository, your BSA/AML platform. Production from week 3.
  3. Pilot with a small named loan officer group. Two-week side-by-side comparison.
  4. Tune BSA/AML triage against your historical signal patterns and your BSA officer's calibration. False positives erode trust faster than false negatives.
  5. Roll out to full loan ops with manager-led training. AI use policy + third-party AI vendor due-diligence documentation in place before broad rollout.
  6. Audit trail: every AI-drafted document, every BSA triage decision, every adverse-action draft archived with source data and officer edits. Examination-ready for OCC, FDIC, NCUA, or state.

Common questions

What does OCC 2023-17 require here?
OCC Bulletin 2023-17 (and the companion FDIC FIL-29-2023 and FRB SR 23-4) is the binding interagency third-party guidance. AI vendors are third parties under the rule. The bank must apply risk-based oversight across the third-party lifecycle (planning, due diligence, contract, ongoing monitoring, termination) — and 'use of third parties does not diminish or remove' the bank's responsibility for safety, soundness, and consumer protection. The vendor due-diligence documentation we deliver covers all five lifecycle stages.
Does OCC 2026-13 model risk management apply?
Mostly no for generative AI specifically — OCC Bulletin 2026-13 (April 2026) explicitly excludes generative and agentic AI from its scope, with an interagency RFI anticipated. For traditional ML models in your loan workflow (credit scoring, valuation), 2026-13 supersedes the prior SR 11-7 baseline. We document which parts of the loan workflow fall under which guidance.
What about BSA/AML — can AI make those decisions?
AI triages; humans decide. The architecture surfaces signals, drafts SAR narratives where indicated, and routes to your BSA officer with a confidence score. The officer makes the SAR-or-not decision. This pattern is consistent with FinCEN's expectations around AI in BSA programs and survives examination scrutiny.
Will this affect adverse-action timing requirements?
If anything, it tightens compliance — drafts can be ready faster, with the regulatorily required content elements pre-checked. The loan officer reviews, personalizes where appropriate, and sends within the 30-day window. The audit trail shows when the draft was generated, when the officer reviewed, and when it was sent.
What happens if the AI drafts the wrong adverse-action language?
The loan officer catches it during review — that's the architectural design. The AI flags low-confidence drafts for closer scrutiny. Mistakes are observable in the audit log; we tune monthly based on officer corrections. Per-month error rates and tuning notes are part of the AIS-style governance documentation.

Sources

Related

Use Case
AI for community banks
Industry
Banking & Credit Unions
Service
running AI from strategy to cutover
Service
AI governance framework
Concern
what data privacy looks like with AI
Answer
AI oversight and governance
→ Start here

Text Rosey to begin.

Rosey is our executive-assistant bot. Text the number below — she'll ask two questions, offer three calendar slots, and put a 30-minute call on Jim's calendar.

Text Rosey · Schedule a call →

or call 415 481 2629