Bank of America AI Engineer Case Interview: Real-time Fraud Detection with Model Risk Controls

This case simulates designing and operationalizing a real-time consumer payments fraud detection platform within Bank of America’s risk-first, "Responsible Growth" culture. You will frame a solution end-to-end—from data ingestion and model serving to governance, explainability, and ongoing monitoring—tailored to a tier-1, highly regulated bank environment. What you’ll be given: - A short brief describing rising peer-to-peer payments fraud (e.g., Zelle-like instant transfers) across Consumer Banking, with volume, latency, and accuracy targets. - A simplified schema for streaming transaction, device, and customer telemetry; constraints on PII handling and data residency; and a current-state diagram of batch-only rules. - Control requirements excerpted from enterprise Model Risk Management (aligned to SR 11-7), Fair Lending/ECOA considerations, and expectations for adverse action reason codes when decisions affect consumers. What you’re expected to produce: - Architecture: Propose a low-latency design using event streaming (e.g., Kafka/Kinesis), a centralized feature store, online/offline parity, and scalable model serving (Kubernetes/OpenShift) with canary or champion–challenger deployment. Address HA/DR, rollback, and change management gates. - Modeling approach: Select and justify algorithms (e.g., gradient boosting with monotonic constraints, graph features, or sequential deep models) under strict explainability and reason-code requirements; discuss feature computation, leakage prevention, and class imbalance handling. - Governance and controls: Show how the solution satisfies Bank of America’s model inventory, documentation, independent validation checkpoints, and approval workflows; define monitoring for data quality, drift, and performance; outline incident response and audit trails. - Fairness and compliance: Demonstrate bias testing, protected-class proxy mitigation, and compliant adverse action explanations; specify how SHAP/reason codes are generated and stored; note GLBA data privacy and encryption (in transit/at rest), RBAC/least privilege, and key management. - Metrics and trade-offs: Set target thresholds for latency (p99), precision/recall and false positive rate to minimize client friction; propose alert triage and human-in-the-loop review; quantify business impact with back-of-the-envelope estimates. - Productionization: Detail CI/CD for models (versioning, lineage, reproducibility), blue/green or shadow testing strategy, and how you would migrate from heuristic rules to hybrid rules+ML with measurable control improvements. Interview flow (Bank of America style): - 5–10 min: Clarifying questions to a panel of an engineering lead, a model risk partner, and a product owner. - 25–30 min: Whiteboard/diagram the target-state design, calling out control points and operational SLOs. - 15–20 min: Deep dive on Responsible AI, fairness, and reason-code generation; discuss how you would pass independent validation and partner with LOB risk. - 5–10 min: Trade-off discussion and roadmap (MVP to scaled rollout), plus risks and mitigations. Evaluation rubric: - Technical depth (streaming/serving, feature store design, monitoring) - Risk and control mindset (model governance, documentation, auditability) - Responsible AI and compliance (fairness, explainability, adverse action support) - Communication with non-technical stakeholders (clear, structured rationale) - Practicality and scalability (operational SLOs, cost/benefit, phased delivery)