The Honorable James Coleman
President of the Senate
Colorado Senate
200 E Colfax Avenue
Denver, CO 80203
The Honorable Robert Rodriguez
Majority Leader
Colorado Senate
200 E Colfax Avenue
Denver, CO 80203
Re: Colorado Senate Bill 26-189
Dear President Coleman and Majority Leader Rodriguez,
On behalf of the American Fintech Council (AFC), I am writing to you in support of the underlying policy goals of SB26-189 and in recognition of the significant progress made by the Colorado AI Policy Work Group to improve the state’s existing AI statute to establish a functional AI regulatory framework for both consumers and industry. AFC recognizes that further refinements to SB26-189 may be needed while the bill moves through the Colorado Legislature. However, it is important to acknowledge the significance of SB26-189's introduction for establishing a pragmatic AI framework for Colorado.
AFC is the premier trade association representing the largest financial technology (fintech) companies, including fintech lenders and their innovative bank partners. As a standards-based organization, our mission is to promote a transparent, inclusive, and customer-centric financial system by supporting responsible innovation in financial services and encouraging sound public policy. AFC members foster competition in consumer finance and pioneer products to better serve underserved consumers.
AFC’s membership includes a broad range of financial technology companies and banks that deploy advanced analytical tools and data-driven technologies across numerous aspects of financial services. These technologies support a wide variety of functions, including fraud detection, risk monitoring, compliance operations, customer service, underwriting, and transaction monitoring. As a result, AFC members have substantial practical experience implementing governance frameworks that ensure emerging technologies are deployed responsibly, securely, and in compliance with applicable regulatory obligations.
AFC has long advocated for a pragmatic approach to regulating AI. In our view, it is crucial that policymakers and regulators understand the relevant distinctions between each offering that leverages AI technologies and seek to craft the correct regulatory structure for each financial product. Further, when considering a regulatory framework for AI, it is important to recognize that AI technologies, when used responsibly, function as tools for financial institutions that expand and improve their existing processes and practices. AI technologies, when responsibly deployed, are not a panacea used to replace or supplant existing processes or practices conducted by the financial institution.
As such, we support regulatory efforts that promote responsible innovation while ensuring that financial institutions maintain effective risk management, consumer protection safeguards, and operational accountability when deploying new technologies. In particular, AFC believes that governance frameworks addressing the use of artificial intelligence should build upon the well-established risk management and compliance structures that financial institutions already maintain. Approaches grounded in proportionality, flexibility, and existing supervisory standards are best suited to ensure that institutions can responsibly deploy emerging technologies while maintaining strong protections for consumers and the financial system.
The following comments outline AFC’s perspective on SB26-189 and offer recommendations intended to support balanced governance expectations that protect consumers, preserve institutional accountability, and allow banks and fintech companies to continue leveraging innovative technologies that improve the delivery of financial services.
I. AFC Supports Governance Expectations that Emphasize Data Privacy, Transparency, and Practical Human Oversight
Effective AI governance frameworks should prioritize three core principles: ensuring data privacy, transparency regarding how AI systems function within financial operations, and continued human oversight of material decision making. Financial institutions routinely rely on large volumes of consumer and financial data when deploying technologies that support activities such as credit underwriting, transaction monitoring, and fraud detection. Governance expectations should therefore ensure consumer information remains protected and mitigate cybersecurity risks associated with data-intensive systems, while allowing institutions to implement these protections through risk management and security programs they already maintain.
Ensuring that AI systems respect user privacy and adhere to consumer protection standards is also crucial for maintaining trust and compliance with regulations. Institutions must prioritize the protection of consumer data, ensuring compliance with relevant privacy laws and regulations. This involves implementing data security measures and transparent data usage policies, fostering consumer trust and confidence in the use of AI technologies. This approach helps to ensure that personal data is managed securely and that consumer rights are protected from the outset. Moreover, transparency about how AI systems use consumer data and how decisions are made by these systems is essential for meeting privacy and consumer protection standards.
Transparency and institutional understanding of AI-supported processes are equally important. Increased automation can introduce operational risk if institutions lose visibility into how systems generate outputs, what data sources inform those outputs, and how those outputs are incorporated into downstream decisions. Institutions should therefore maintain documentation, monitoring, and testing practices that allow them to understand, explain, and supervise the role AI systems play in operational and consumer-facing activities, particularly where such systems support underwriting, fraud detection, pricing, or other material determinations.
Finally, governance expectations should reinforce that the use of AI must continue to operate alongside meaningful human oversight that is technically feasible for financial institutions to conduct. Financial institutions already incorporate human review into a wide range of activities including credit decision making, compliance monitoring, and enterprise risk management. AI governance policies should complement these existing practices by preserving clear lines of accountability and ensuring that institutions retain the ability to review outcomes, escalate concerns, and intervene when necessary.
Further, to properly balance consumers’ rights to request “meaningful human review” of adverse decisions in a manner that is “commercially reasonable,” it may be necessary for the Colorado Legislature to provide additional clarity as to its legislative intent on this issue. Barring further discussion of legislative intent within SB26-189, AFC requests that any rulemaking regarding this issue carefully consider the legitimate business interests and costs associated with pursuing “meaningful human review” at scale. Framing governance in this manner promotes responsible use of AI while avoiding rigid requirements that could unnecessarily limit the ability of innovative banks and fintech companies to deploy beneficial technologies.
When implemented collectively, these principles would support a balanced governance approach in which institutions protect sensitive data, maintain clear visibility into how AI systems operate, and preserve meaningful human accountability for important outcomes. Such an approach promotes consumer protection and operational integrity while allowing financial institutions to continue leveraging AI tools that enhance efficiency, risk management, and access to financial services. AFC appreciates that SB26-189 adopted this approach.
* * *
AFC remains committed to collaborating with the Colorado Legislature as it strives to improve legislation regarding the governance of artificial intelligence systems used by regulated financial institutions. As AI technologies continue to evolve and become increasingly integrated into financial services operations, establishing clear and pragmatic governance expectations will be important to ensuring that these technologies are deployed responsibly while maintaining strong consumer protections and operational safeguards.
As discussed throughout this letter, AFC believes that governance frameworks addressing the use of artificial intelligence should build upon the existing risk management, data privacy, and consumer protection obligations that already apply to financial institutions. A risk-based approach that emphasizes data protection, transparency, and meaningful human oversight, while allowing institutions to integrate these safeguards within existing compliance and risk management programs, will best support both responsible innovation and effective supervision.
AFC appreciates the opportunity to provide these comments on SB26-189 and looks forward to continued engagement with the Colorado Legislature as it evaluates these important issues.
Sincerely,
Ashley Urisman
Director of State Government Affairs
American Fintech Council
[1] American Fintech Council’s (AFC) membership spans banks, non-bank lenders, payments providers, EWA providers, loan servicers, credit bureaus, and personal financial management companies.
[2] Colo. SB26-189, Automated Decision Making Technology in Consequential Decisions, 75th Gen. Assem. (2026), § 6-1-1705(2).
About the American Fintech Council: The mission of the American Fintech Council is to promote an innovative, responsible, inclusive, customer-centric financial system. You can learn more at www.fintechcouncil.org.