Short version: Most operators and platforms invest heavily in detection (scores, models, signals). But regulators keep citing explainability, accuracy, and notice failures—the proof layer.
Defensibility isn’t a bolt-on; it’s an orchestration problem across data, people, and process.
What I mean by “Defensibility Augmentation & Orchestration”
- Defensibility augmentation: adding the controls, artifacts, and audit-trail needed to prove that a decision was made lawfully, consistently, and fairly—without turning your stack into a CRA decisioning engine.
- Orchestration: coordinating the end-to-end journey (intake → screening inputs → human checks → adverse action → disputes → packet retrieval) so every step is explainable, logged, and recoverable on demand.
Said plainly: if a regulator, partner, or plaintiff asks “show me how this decision was made,” you can supply a complete, accurate packet—including sources behind third-party data, human judgment points, and time-stamped events.
That is the gap most teams still have.
Why I think this is missing (and how the record backs it up)
- Regulators are focused on accuracy, transparency, and explainability → not just better risk scores.
In January 2024, CFPB issued advisory opinions clarifying that background screening reports must exclude outdated/expunged data, include dispositions, avoid duplicate entries, and that consumers are entitled to their complete file—including the source(s) of each item (original and intermediary vendor sources).
This is a traceability requirement → an orchestration problem. - When enforcement hits screening, it often cites missing procedures and poor data lineage.
In October 2023, the CFPB and FTC obtained a stipulated order against TransUnion Rental Screening Solutions for failing to ensure maximum possible accuracy of eviction records (e.g., sealed/incorrect or missing dispositions) and for withholding third-party source information from renters; $15M was ordered in penalties/redress.
Again, the remedy is procedures and provenance, not a “stronger model.”
Earlier, AppFolio settled with the FTC for $4.25M over FCRA accuracy procedures in tenant reports—another example where process controls, not algorithmic prowess, were the issue. - Independent government review reinforces the theme: accuracy, AI explainability, and notice.
In July 2025 the U.S. GAO, Government Accountability Office, summarized federal actions around rental proptech, including: the TransUnion case (accuracy and disclosures), AppFolio (accuracy procedures), and DOJ/HUD positions that screening companies can implicate the FHA. GAO also noted HUD’s 2024 screening guidance addressed AI/ML explainability and recommended giving applicants a chance to dispute negative info → classic defensibility controls. - Fair Housing risk is about how criteria are applied and justified—documentation matters.
HUD’s longstanding 2016 OGC guidance warns that blanket bans (and arrest-only policies) can create disparate impact; providers must show a substantial, legitimate, nondiscriminatory interest and use more tailored criteria.
These expectations implicitly demand an audit-ready rationale, not just a thumbs-down from a score. - Trendline, not just anecdotes: CFPB’s 2023–2024 activity emphasized enforcement tied to reporting accuracy, dispute handling, and consumers’ access to complete files.
That’s not a call for “more detection” → it’s a call for defensible process and packet-level explainability.
Counterpoint (and why this post isn’t anti-detection):
Better detection still reduces losses and friction. But the public record shows that failures most likely to trigger regulatory or legal pain are proof failures—inaccurate/irrelevant data, missing dispositions, opaque vendors, and broken notice/dispute flows.
You don’t fix those by buying a newer score; you fix them by designing for traceability, notices, and human-in-loop review with artifacts.
The orchestration gap (why tooling alone won’t get you there)
Vendors often promise “accuracy,” but enforcement actions keep spotlighting missing procedures, disclosures, and artifact trails.
Orchestration is the connective tissue: it coordinates vendors, merges signals with human judgment, enforces templates and timers, and emits a packet you can hand to counsel or a regulator tomorrow morning.
That’s not another mode → it’s process + proof.
Design around the three G’s: Good data (verifiable sources), Good people (judgment in-loop), Good design (compliance built-in).
If you do nothing else this quarter
- Map your current notice and dispute flows against CFPB expectations for completeness and source disclosure; plug gaps.
- Require vendors to return final dispositions and disallow sealed/expunged items—contract for it.
- Pilot a retrievability drill: can you reproduce a full screening packet in 24–48 hours, including third-party sources and timestamps? If not, you don’t have defensibility—you have hope.
Where I’m challenging my own thesis
If your stack already delivers accurate, disposition-aware data with complete source lineage; issues clear, specific adverse-action notices; and regenerates packets on demand— you’re already in good shape.
But most teams I’ve talked to have a brittle mix of vendor outputs, email notices, and ad-hoc dispute handling. The public enforcement record suggests that’s where risk lives today.