Colorado AI Act (SB24-205) — CRS §6-1-1702(2) & §6-1-1703(2)
This Risk Management Policy establishes the governance framework for Meridian Financial Services' use of high-risk artificial intelligence systems as defined by the Colorado AI Act (SB24-205). This policy applies to all AI systems that make or substantially assist in consequential decisions affecting individuals in the categories defined by CRS §6-1-1701.
| Risk Category | Likelihood | Impact | Owner | Review |
|---|---|---|---|---|
| Algorithmic Discrimination: Disparate impact on protected classes in hiring decisions | Medium | High | VP AI Governance | Quarterly |
| Data Quality Degradation: Training data becoming stale or unrepresentative over time | Medium | Medium | Data Engineering Lead | Monthly |
| Model Drift: Performance degradation as candidate population changes | High | Medium | ML Engineering Lead | Monthly |
| Transparency Failure: Inadequate consumer notice or disclosure | Low | High | Legal & Compliance | Quarterly |
| Human Override Failure: Recruiters over-relying on AI scores without independent judgment | Medium | Medium | Director of Recruiting | Quarterly |
Method: Disparate impact analysis using the 4/5ths rule (EEOC Uniform Guidelines), supplemented by Chi-Square and Fisher's Exact tests for statistical significance.
Frequency: Quarterly (January, April, July, October) with ad-hoc testing triggered by model updates or complaint patterns.
Protected Classes Tested: Race/ethnicity, gender, age (40+), disability status, veteran status, national origin.
Threshold: Selection rate ratio must be ≥ 0.80 for all protected classes. Any ratio below 0.80 triggers mandatory remediation review within 10 business days.
Remediation Process: If bias is detected: (1) Immediate notification to VP AI Governance, (2) Root cause analysis within 5 business days, (3) Model retraining or feature adjustment within 15 business days, (4) Re-testing to confirm remediation, (5) Documentation of findings and corrective actions in evidence bundle.
Status: Enabled — real-time monitoring active since January 2026.
Metrics Tracked: Selection rate ratios by protected class, score distribution variance, false negative rates by demographic group, appeal rates by demographic group, opt-out request rates.
Alert Thresholds: Automated alerts triggered when any selection rate ratio drops below 0.85 (warning) or 0.80 (critical). Critical alerts require response within 24 hours.
Response Process: Warning alerts reviewed by AI Governance team within 48 hours. Critical alerts escalate to VP AI Governance and Legal immediately. All alerts logged in compliance evidence system.
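The 4/5ths selection rate check and the warning/critical alert tiers described above, shown as an added example that is not part of Meridian's policy or tooling. It computes each group's selection rate ratio against the highest-rate group, maps it to the 0.85 and 0.80 thresholds, and adds a two-sided Fisher's exact p-value (the Chi-Square test is omitted). Group names and counts are constructed, and all function names are hypothetical.

```python
from math import comb

WARNING, CRITICAL = 0.85, 0.80  # alert thresholds stated in the policy

def selection_rates(counts):
    """counts: {group: (selected, applicants)} -> {group: selection rate}."""
    return {g: s / n for g, (s, n) in counts.items() if n > 0}

def impact_ratios(counts):
    """Ratio of each group's selection rate to the highest group's rate."""
    rates = selection_rates(counts)
    top = max(rates.values())
    if top == 0:
        return {g: 1.0 for g in rates}  # nobody selected: no disparity measurable
    return {g: r / top for g, r in rates.items()}

def alert_level(ratio):
    if ratio < CRITICAL:
        return "critical"
    if ratio < WARNING:
        return "warning"
    return "ok"

def fisher_exact_two_sided(a, b, c, d):
    """Two-sided Fisher's exact p-value for the 2x2 table [[a, b], [c, d]]."""
    row1, row2, col1, n = a + b, c + d, a + c, a + b + c + d
    def pmf(x):  # hypergeometric probability of x in the top-left cell
        return comb(row1, x) * comb(row2, col1 - x) / comb(n, col1)
    observed = pmf(a)
    lo, hi = max(0, col1 - row2), min(row1, col1)
    return sum(p for p in (pmf(x) for x in range(lo, hi + 1)) if p <= observed * (1 + 1e-9))

def evaluate(counts):
    rates = selection_rates(counts)
    ref = max(rates, key=rates.get)  # reference group: highest selection rate
    rs, rn = counts[ref]
    report = {}
    for g, ratio in impact_ratios(counts).items():
        s, n = counts[g]
        p = fisher_exact_two_sided(s, n - s, rs, rn - rs)
        report[g] = (round(ratio, 3), alert_level(ratio), p)
    return report

# Constructed sample data: (selected, applicants) per group
SAMPLE = {"group_a": (60, 200), "group_b": (50, 200), "group_c": (22, 100)}

if __name__ == "__main__":
    for group, (ratio, level, p) in evaluate(SAMPLE).items():
        print(f"{group}: ratio={ratio} level={level} fisher_p={p:.4f}")
```

A ratio of exactly 0.80 meets the policy threshold but still falls in the warning band, which is why the comparisons are strict.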
Review Level: All AI-generated candidate rankings are reviewed by a human recruiter before any candidate communication or decision.
Override Triggers: Human review is mandatory when: (1) AI score is below 40/100 and candidate has 5+ years relevant experience, (2) Candidate requests human-only review, (3) Position has fewer than 10 applicants, (4) AI system flags low confidence score.
Escalation Process: Recruiter → Hiring Manager → Director of Recruiting → VP People Operations. Each level has 2 business days to review.
Override Authority: Any hiring manager can override AI recommendations with documented justification. All overrides are logged and reviewed quarterly for patterns.
Reporting Process: Any employee who suspects algorithmic discrimination must report to ai-compliance@meridianfs.com within 24 hours. Anonymous reporting available via compliance hotline (800-555-0199).
Response Timeline: Initial assessment within 48 hours. Full investigation within 15 business days. Remediation plan within 30 business days.
AG Notification: If algorithmic discrimination is confirmed, notification to the Colorado Attorney General within 90 days per CRS §6-1-1702(5) / §6-1-1703(7). Notification includes: description of discrimination, affected population estimate, remediation steps taken, and timeline for resolution.
Remediation Steps:
The following roles are responsible for AI risk management at Meridian Financial Services:
| Role | Responsibility | Reports To |
|---|---|---|
| VP AI Governance | Overall AI risk management program ownership, AG notification authority, policy approval | CTO |
| AI Ethics Committee | Quarterly review of bias testing results, policy updates, incident review | Board of Directors |
| ML Engineering Lead | Model performance monitoring, bias testing execution, remediation implementation | VP AI Governance |
| Legal & Compliance | Regulatory monitoring, consumer notice compliance, AG communication | General Counsel |
| Director of Recruiting | Human oversight enforcement, recruiter training, override review | VP People Operations |
This AI Risk Management Policy has been reviewed and approved in accordance with CRS §6-1-1702(2) and §6-1-1703(2). It will be reviewed and updated at least semi-annually or upon material changes to AI systems.