Zest AI
Zest AI · EFROS US AI Vendor Governance Index entry
Composite governance score
B = strong posture. Deployable in regulated workloads with documented compensating controls.
About this vendor
AI-driven credit underwriting platform with strong fair-lending documentation. Explicit ECOA/Reg B and adverse-action explainability output, designed for examiner-facing defensibility.
- Enterprise tier
- Zest Model Management System, Zest Underwriting (for banks, credit unions, auto lenders)
- Vendor homepage
- https://www.zest.ai
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | Zest AI signs DPAs / data-handling agreements for enterprise customers. BAA available where PHI exposure is in scope. | Zest AI Security |
| Training-data opt-out | Yes | Customer underwriting data not used for cross-customer model training. Tenant isolation enforced. | Zest AI Privacy |
| US data residency option | Yes | US data residency standard for US customers. | Zest AI Security |
| SOC 2 Type II report | Yes | Zest AI holds SOC 2 Type II. | Zest AI Security |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation as of May 2026. | Public posture review |
| NIST AI RMF self-attestation | Partial | Zest publishes Responsible AI documentation mapped to NIST AI RMF principles. | Zest AI Responsible AI |
| Colorado AI Act readiness | Partial | Zest has engaged on Colorado AI Act readiness for credit decisioning. | Zest AI customer documentation |
| HHS-OCR Section 1557 readiness | N/A | Banking-vertical positioning. | Zest AI positioning |
| FRB SR 11-7 readiness | Yes | Zest publishes SR 11-7-grade model validation, ongoing monitoring, and fair-lending audit documentation. CFPB Circular 2023-03 adverse-action explainability built into the output format. | Zest AI SR 11-7 documentation |
| ABA Formal Op 512 readiness | N/A | Banking-vertical positioning. | Zest AI positioning |
| Subprocessor list public | Partial | Subprocessor list available to enterprise customers under NDA. | Zest AI Security |
Trust-center maturity
Strong fair-lending and SR 11-7 documentation. Trust portal less self-serve than FICO. Documentation distribution via enterprise relationship.
Source: Zest AI Security
Deep dive
Overview
Zest AI is the strongest pure-play banking AI vendor on fair-lending defensibility. The adverse-action explainability output is designed for CFPB Circular 2023-03. Explanations are model-derived rather than post-hoc, which matters in supervisory examination. Best fit for community and mid-size banks that need SR 11-7-aligned underwriting without standing up internal MRM capacity.
Strengths
- CFPB Circular 2023-03 adverse-action explainability built into output
- SR 11-7-grade model validation documentation
- Tenant-isolated, US residency, BAA-eligible
- Purpose-built for fair-lending defensibility
Weaknesses
- No ISO/IEC 42001
- Trust portal less mature than FICO
- Smaller subprocessor transparency
Best-fit use case
Community and mid-size banks ($500M-$10B AUM) deploying AI for personal lending, auto, or small-business decisioning where fair-lending audit defensibility is the binding constraint.
Avoid when
Very large banks with deep internal MRM capacity may prefer to build on FICO or in-house given the volume.
Operator's take
Deploy Zest AI when community and mid-size banks ($500M-$10B AUM) deploying AI for personal lending, auto, or small-business decisioning where fair-lending audit defensibility is the binding constraint. The composite score of 74 (grade B) reflects a defensible posture for regulated US workloads. Skip the vendor when very large banks with deep internal MRM capacity may prefer to build on FICO or in-house given the volume. In every deployment, treat the cells above as a snapshot — the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Read the full methodology →Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Zest AI, submit a formal challenge — we re-verify against the source and respond within 14 days.
Similar vendors (same category or sector)
Vendors in the same category as Zest AI, padded with vendors that share its primary sector. All scored on the same twelve axes — useful for head-to-head shortlisting.
Where Zest AI shows up in the rest of the Index
Zest AI is scored in every state and (where applicable) sector slice of the Index. Use these views to compare Zest AI against its peers from a state or sector lens rather than category.
Take the scoring into production
The Index tells you the posture. These engagements turn the posture into a deployable program — vendor selection, governance policy, sector overlay, audit-ready evidence.