Artificial Intelligence (AI) Policy and Procedures

JLB Corporation DBA Golden Oak Lending

Written: 12/23/2025

1. Purpose

The purpose of this policy is to establish clear guidelines for the responsible, compliant, and ethical use of Artificial Intelligence (AI) tools within JLB Corporation dba Golden Oak Lending Oak (hereafter “Golden Oak Lending”). This policy ensures that AI is used to enhance efficiency and service quality while maintaining compliance with all applicable federal and state laws, investor requirements, data privacy standards, and internal risk management expectations.

2. Scope

This policy applies to:

• All employees, contractors, and third-party vendors acting on behalf of Golden Oak Lending
• All AI-powered tools, platforms, and features, including generative AI, automation, analytics, and decision-support tools
• All business functions, including but not limited to loan origination, underwriting support, marketing, customer service, compliance, quality control, and operations

3. Definitions

• Artificial Intelligence (AI): Technology that performs tasks typically requiring human intelligence, such as content generation, data analysis, pattern recognition, and automation.
• Generative AI: AI systems capable of creating text, images, summaries, or recommendations based on input data.
• Human-in-the-Loop: A control requiring human review, oversight, or approval of AI outputs before use in decision-making or customer-facing activities.
• Sensitive Data: Nonpublic personal information (NPI), including borrower financial data, Social Security numbers, dates of birth, credit information, and protected class data.

4. Guiding Principles

Golden Oak Lending’s use of AI is governed by the following principles:

• Compliance First: AI may not be used in any manner that violates consumer protection, fair lending, privacy, or investor requirements.
• Human Oversight: AI supports decision-making but does not replace human judgment.
• Transparency: AI use must be explainable, documented, and auditable, where applicable.
• Data Protection: Sensitive borrower and employee data must be protected at all times.
• Fairness and Non-Discrimination: AI may not be used to make or influence discriminatory decisions.

5. Permitted Uses of AI

AI tools may be used for the following activities, subject to compliance with this policy and required approvals:

• Drafting internal communications, policies, procedures, and training materials
• Summarizing non-sensitive documents or publicly available regulatory guidance
• Workflow automation and task management
• Drafting marketing content, subject to compliance review and final human approval
• Data analysis using anonymized or non-sensitive datasets
• Quality control support, such as checklist generation and trend analysis

6. Prohibited Uses of AI

AI tools may not be used for:

• Making final credit decisions or underwriting determinations
• Generating or modifying loan terms, pricing, or credit recommendations without documented human review and approval
• Uploading, processing, or storing borrower NPI or other sensitive data in public or unapproved AI platforms
• Automated adverse action determinations or adverse action notices
• Any use that could result in disparate impact or fair lending risk
• Representing AI-generated content as borrower-specific advice, determinations, or approvals

7. Data Privacy and Security Requirements

• Sensitive or confidential data must not be entered into public or unapproved AI systems
• Only AI tools vetted and approved by Management, the Compliance Officer, and IT/Security (as applicable) may be used
• AI tools may not retain, train on, or reuse Golden Oak Lending data unless explicitly approved and contractually permitted
• AI vendors must meet Golden Oak Lending’s data security, confidentiality, and vendor management standards
• Employees must comply with all existing data privacy, cybersecurity, and information security policies

8. Human Review and Oversight

• All AI-generated outputs used in business operations must be reviewed and approved by a qualified employee
• AI-generated content used in customer-facing communications must be reviewed and approved by Compliance prior to distribution
• AI may provide drafts, summaries, or recommendations but may not act autonomously in regulated decision-making

9. Fair Lending and Regulatory Compliance

AI use must comply with all applicable federal and state laws and regulations, including but not limited to:

• Equal Credit Opportunity Act (ECOA)
• Fair Housing Act (FHA)
• Truth in Lending Act (TILA)
• Fair Credit Reporting Act (FCRA)
• Gramm-Leach-Bliley Act (GLBA)
• Applicable state mortgage lending and consumer protection laws

Golden Oak Lending conducts periodic monitoring to identify potential bias, disparate impact, or other compliance concerns related to AI usage.

10. Vendor Management

• Third-party AI vendors must undergo due diligence prior to use
• Vendor agreements must address data ownership, confidentiality, information security controls, regulatory compliance, and audit rights, where applicable
• Ongoing vendor monitoring will be conducted in accordance with Golden Oak Lending’s vendor management program

11. Training and Awareness

• Employees will receive training on acceptable AI use, associated risks, and compliance requirements
• Training will be provided upon hire and at least annually thereafter
• Additional training may be required when new AI tools are introduced or regulatory guidance changes

12. Monitoring, Auditing, and Quality Control

• Oversight responsibility resides with the Compliance Officer, who is accountable for monitoring AI usage, ensuring adherence to this policy, and coordinating corrective action as needed
• AI usage may be reviewed or audited by Compliance, Risk Management, or Internal Audit
• Documentation must be maintained for approved AI tools, use cases, and monitoring activities • Identified issues must be escalated and remediated promptly

13. Incident Management

• Any suspected data breach, misuse of AI, or compliance concern must be reported immediately to Management and the Compliance Officer
• Incidents will be investigated and documented in accordance with Golden Oak Lending’s incident response procedures

14. Policy Violations and Enforcement

• Violations of this policy may result in disciplinary action, up to and including termination
• Misuse of AI that results in regulatory, legal, or investor exposure may result in additional corrective or remedial action

15. Governance and Review

• This policy is owned by the Compliance Officer, in coordination with Senior Management
• The policy will be reviewed at least annually and updated as necessary to reflect regulatory changes, business needs, and technological advancements

---

Appendix A: AI Oversight and Monitoring Procedure

Golden Oak Lending maintains oversight controls to ensure that all Artificial Intelligence (AI) tools are used responsibly, securely, and in compliance with applicable laws, regulations, and internal risk management standards.

Compliance and IT Partner Review

The Compliance Officer, in coordination with Management and IT/Security as applicable, evaluates AI tools in use to ensure:

• Alignment with applicable regulatory requirements, including Fair Lending and consumer protection laws
• Appropriate safeguards for data privacy, confidentiality, and information security
• That AI tools do not independently make or influence regulated credit decisions
• Vendor controls and contractual protections are consistent with Golden Oak Lending’s vendor management standards

This review may occur as part of routine compliance monitoring, vendor reviews, or operational assessments.

Ongoing Monitoring and Reassessment

AI tools in use are subject to ongoing monitoring to ensure continued compliance and risk appropriateness. Monitoring activities may include:

• Periodic review of how AI tools are used in practice
• Assessment of regulatory updates, investor guidance, or changes in business operations that may impact AI use
• Review of material changes to AI functionality, vendors, or data handling practices
• Evaluation of any identified issues, complaints, or risk indicators related to AI usage

If concerns are identified, Management and the Compliance Officer will determine whether corrective action, usage limitations, or discontinuation of the AI tool is necessary.

---

Appendix B: Examples of Acceptable vs. Unacceptable AI Use

The examples below are illustrative and not exhaustive. All AI use must comply with this policy and receive prior approval where required. All acceptable uses require human review and may not involve borrower nonpublic personal information unless explicitly approved.

Acceptable AI Use

• Drafting internal policies, procedures, and training materials
• Summarizing publicly available regulatory guidance
• Creating workflow checklists or quality control job aids
• Drafting marketing content, subject to compliance review
• Performing trend analysis using anonymized or non-sensitive data

Unacceptable AI Use

• Uploading borrower loan files or nonpublic personal information into public or unapproved AI platforms
• Using AI to make or recommend credit decisions, pricing, or eligibility determinations
• Automating underwriting, adverse action notices, or credit explanations
• Using AI outputs to justify or override underwriting decisions
• Any AI use that could result in disparate impact or Fair Lending violations

---

Revision Log

• 12/23/2025 - Initial version

 

© 2025 Golden Oak Lending. ALL RIGHTS RESERVED. Without the prior written permission of Golden Oak Lending, no part of this work may be used, reproduced or transmitted in any form or by any means to any party outside of Golden Oak Lending. Written 12/23/2025.