**Article 9**

**Establishment and Scope of the Risk Management System**  
Meridian Financial Analytics established the risk management system for the Credit Evaluation Network as an integral part of the development phase. The system encompasses structured identification, analysis, and mitigation of risks related to health, safety, and fundamental rights stemming from the AI system’s use in credit scoring. This approach aligns with industry standards where initial risk analysis is focused on the model’s design, data integrity, and performance characteristics prior to deployment. Risk factors evaluated at this stage include potential bias impacts on protected groups, erroneous credit scoring leading to financial exclusion or unfair denial of credit, and data privacy considerations concerning sensitive borrower information. Risk assessment methods combined quantitative metric analysis and expert judgment on systemic risks inherent to borrower profiling models based on Gradient Boosted Decision Trees (GBDT).

**Assessment and Evaluation of Known and Foreseeable Risks**  
Risk estimation utilized extensive testing procedures during development, including adversarial robustness assessments and subgroup performance analysis across demographic and socioeconomic strata. The training dataset comprised approximately 2.4 million anonymized credit application records aggregated from multiple financial institutions, covering a diverse geographic and economic spectrum to represent reasonably foreseeable borrower segments. Performance was benchmarked with an area under the ROC curve (AUC) of 0.82 on a holdout validation set, with further analysis performed for false positive and false negative rates across subpopulations. Known risks evaluated included potential model degradation due to shifts in economic conditions or borrower behavior; however, these were not systematically quantified beyond initial scenario simulations reflecting pre-identified macroeconomic stress scenarios relevant at development time.

**Consideration of Post-Deployment Data and Emerging Risks**  
The design and documentation of the risk management system explicitly exclude systematic post-market monitoring or subsequent iterative risk analysis. The provider has not implemented a structured framework to collect or analyze operational data following deployment, nor to update the risk model in response to evolving borrower profiles or economic shocks. Consequently, no formal procedures are in place to evaluate risks arising from dynamic market conditions or unforeseen misuse patterns emerging post-deployment. This limitation reflects the provider’s current operational scope, where maintenance and risk re-evaluation after release are delegated to the user organizations or deployers.

**Risk Mitigation Measures Adopted During Development**  
Risk mitigation focused primarily on design and technical controls embedded during model development. These included feature engineering to minimize direct use of sensitive attributes, implementation of algorithmic fairness constraints aimed at reducing disparate impact on protected groups, and thorough validation of model interpretability using SHAP (SHapley Additive exPlanations) values to ensure transparent credit decisions. Data preprocessing involved outlier treatment and data imputation techniques to ensure robustness against missing or anomalous input. Model hyperparameters were tuned to optimize the balance between sensitivity and specificity, explicitly addressing the reduction of false negatives that could unfairly deny creditworthy applicants. Documentation and technical information were prepared to support deployers’ understanding of model scope, limitations, and appropriate application context, consistent with the anticipated deployer profiles who possess domain expertise in credit risk management.

**Testing Regime and Performance Validation**  
Testing consisted of multiple iterative phases aligned with the development lifecycle. Internal validation was performed on historical datasets segmented temporally to simulate varying economic conditions observed in the prior five years. Performance metrics including AUC, precision, recall, and calibration errors were monitored with thresholds defined to ensure consistent predictive reliability. No real-world pilot deployments or post-market testing were conducted by the provider. Instead, controlled synthetic stress test scenarios reflecting economic downturns and borrower behavioral shifts were simulated to estimate potential model degradation, with no plans to integrate live data feedback loops. Testing results met predefined criteria for acceptance but did not encompass validation beyond the pre-deployment lifecycle stage.

**Consideration of Vulnerable Groups**  
The risk management design included targeted review of model outputs with regard to vulnerable populations, including minors, albeit recognizing that borrowers under 18 are generally excluded from credit evaluation processes in compliance with regulatory frameworks. For other groups potentially vulnerable to discriminatory impacts—such as older adults or economically disadvantaged segments—specific subgroup analyses were conducted to detect unequal error rates or systematic bias. While these analyses informed development-stage mitigation measures, ongoing risks linked to demographic shifts or broader social changes were not subject to continuous evaluation.

**Information and Training Provision for Deployer Support**  
Comprehensive technical documentation was produced and delivered to facilitate deployers’ understanding of the system, its limitations, and responsible use. This documentation includes model interpretability reports, guidance on input data quality requirements, and alerts on possible risk factors identifiable during manual reviews. Training materials were developed targeting credit risk analysts and decision-makers, presuming a baseline level of professional expertise in financial data interpretation. These materials aim to empower deployers to identify and respond appropriately to potential anomalies or outliers in system outputs, even though no provider-led follow-up training or updates are planned post-deployment.

**Integration with Other Legal Risk Management Requirements**  
Where applicable, the risk management components defined herein are designed to integrate with broader internal compliance and risk controls maintained by financial institutions under existing Union laws on credit assessment and financial services regulation. This approach ensures that the AI system’s technical risk considerations complement, but do not supplant, institutional governance structures responsible for ongoing risk monitoring and mitigation once the system is in operation.