Algorithm

A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result.

Source: AIEOG AI Lexicon (Feb 2026), NIST SP 800-107r1

An algorithm is a set of instructions that tells a computer how to perform a specific task. It is a step-by-step procedure: given these inputs, follow these rules, and produce this output. Algorithms are the building blocks of all software, and AI models are built using specialized algorithms designed to learn patterns from data.

In the context of AI and financial services, algorithms range from simple rule-based logic (“if the transaction exceeds $10,000, file a CTR”) to complex mathematical operations that power machine learning models (gradient descent, backpropagation, decision tree splitting). Understanding that AI models are ultimately driven by algorithms helps demystify the technology and makes governance more concrete.

The distinction between an algorithm and a model is straightforward: the algorithm is the recipe, the model is the result of following that recipe with specific data. A random forest algorithm defines how to build decision trees and combine their outputs. A random forest model is the specific set of decision trees produced when that algorithm is applied to a particular training dataset.

Algorithms underpin critical decisions in financial services. Credit scoring algorithms determine who gets approved for loans. Transaction monitoring algorithms identify suspicious activity. Pricing algorithms set interest rates and fees. Trading algorithms execute orders at high speed.

Regulatory interest in algorithms has grown significantly. The OCC, CFPB, and SEC have each issued guidance or taken enforcement actions related to algorithmic decision-making. Key concerns include:

• Fairness. Algorithms can perpetuate or amplify bias present in training data, leading to discriminatory outcomes in lending, insurance, or employment decisions.
• Transparency. Complex algorithms, especially those used in machine learning, can be difficult to explain. Regulators expect institutions to be able to explain how algorithmic decisions are made.
• Accountability. When an algorithm produces an adverse outcome for a customer, the institution is responsible. “The algorithm decided” is not an acceptable explanation.
• Auditability. Algorithms should be documented and testable. Examiners expect to see documentation of how algorithms work, what data they use, and how they have been validated.

1. Document algorithmic logic. For every algorithm used in a decision-making capacity, maintain documentation that explains what the algorithm does, how it works, and what assumptions it relies on.
2. Test for bias and fairness. Algorithms that affect customers (credit, pricing, access to services) should be tested for disparate impact across protected classes.
3. Maintain version control. Track changes to algorithms over time, including who made the change, what was changed, and why.
4. Require explainability. For algorithms that inform regulated decisions, ensure the institution can explain the basis for individual outcomes to customers, regulators, and auditors.
5. Include algorithms in model governance. Algorithms that meet the definition of a “model” under SR 11-7/OCC guidance should be subject to model risk management requirements.
6. Assess vendor algorithms. Third-party algorithms should receive the same governance attention as internally developed ones.

AI model, Machine learning, Deterministic (algorithm/model), Artificial intelligence (AI), Black box, Explainability