Unit21
Unit21, Inc. · EFROS US AI Vendor Governance Index entry
Composite governance score
C = mixed posture. Acceptable for non-regulated use; requires meaningful additional controls in regulated workloads.
About this vendor
Modern transaction-monitoring and fraud detection platform. Deployed at fintech-adjacent banks, neobanks, payments processors, and crypto-aligned institutions where legacy AML vendors don't fit.
- Enterprise tier
- Unit21 Transaction Monitoring, Case Management, Fraud Detection
- Vendor homepage
- https://www.unit21.ai
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | Unit21 signs DPAs for enterprise customers; BAA available where PHI overlap exists. | Unit21 Security |
| Training-data opt-out | Yes | Customer transaction data not used for cross-customer model training. | Unit21 Privacy |
| US data residency option | Yes | US data residency standard. | Unit21 Security |
| SOC 2 Type II report | Yes | Unit21 holds SOC 2 Type II. | Unit21 Security |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation. | Public posture review |
| NIST AI RMF self-attestation | Partial | Unit21 publishes governance documentation aligned to NIST AI RMF; no formal self-attestation. | Unit21 Responsible AI |
| Colorado AI Act readiness | No | No Colorado AI Act-specific public statement. | Public posture review |
| HHS-OCR Section 1557 readiness | N/A | Banking-vertical positioning. | Unit21 positioning |
| FRB SR 11-7 readiness | Partial | Unit21 documents SR 11-7 model risk practices for partner banks. Full validation packet typically delivered under enterprise engagement rather than self-serve. | Unit21 customer documentation |
| ABA Formal Op 512 readiness | N/A | Banking-vertical positioning. | Unit21 positioning |
| Subprocessor list public | Yes | Subprocessor list public via trust documentation. | Unit21 Security |
Trust-center maturity
Mature security documentation, modern compliance stack, public subprocessor list. AI-specific governance documentation present but lighter than FICO/Zest.
Source: Unit21 Security
Deep dive
Overview
Unit21 is a transaction-monitoring and fraud detection platform built for fintech-era institutions. The governance posture is solid on platform fundamentals (SOC 2, DPA, US residency, subprocessor transparency) and improving on AI-specific governance, but trails the pure-play SR 11-7 vendors (FICO, Zest) on validation packet depth. Best fit for institutions whose legacy AML vendor doesn't match their operational model.
Strengths
- SOC 2 Type II, US residency, DPA standard
- Modern transaction-monitoring architecture
- Public subprocessor list
- Default tenant isolation
Weaknesses
- No ISO/IEC 42001
- No Colorado AI Act statement
- SR 11-7 validation packet depth lighter than FICO/Zest
Best-fit use case
Neobanks, payments processors, crypto-adjacent institutions, and fintech-aligned community banks where legacy AML/transaction-monitoring vendors don't fit the data model or operational tempo.
Avoid when
Traditional banks where examiners already standardized on FICO Falcon or NICE Actimize. The migration cost may exceed the operational benefit.
Operator's take
Deploy Unit21 when neobanks, payments processors, crypto-adjacent institutions, and fintech-aligned community banks where legacy AML/transaction-monitoring vendors don't fit the data model or operational tempo. The composite score of 68 (grade C) reflects a mixed posture for regulated US workloads. Skip the vendor when traditional banks where examiners already standardized on FICO Falcon or NICE Actimize. The migration cost may exceed the operational benefit. In every deployment, treat the cells above as a snapshot — the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Read the full methodology →Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Unit21, submit a formal challenge — we re-verify against the source and respond within 14 days.
Similar vendors (same category or sector)
Vendors in the same category as Unit21, padded with vendors that share its primary sector. All scored on the same twelve axes — useful for head-to-head shortlisting.
Where Unit21 shows up in the rest of the Index
Unit21 is scored in every state and (where applicable) sector slice of the Index. Use these views to compare Unit21 against its peers from a state or sector lens rather than category.
Take the scoring into production
The Index tells you the posture. These engagements turn the posture into a deployable program — vendor selection, governance policy, sector overlay, audit-ready evidence.