The operating system for high-consequence technology decisions.
Published before every engagement. Five reasons it exists, three principles it applies, four frameworks it runs on.
Why this methodology exists
The conditions this methodology was built for.
It's the architecture, not the effort.
Technology projects at community FIs run late and over budget at rates that hold steady across institutions, vendors, and cycles. The pattern is not effort. It is architecture. A project mis-scoped at the outset, justified against the wrong success metric, or selected before the business problem was defined will overrun no matter how well it is executed. The decision determines the outcome long before delivery begins.
The buyer cannot see what the seller chooses to hide.
When sellers hold materially better information about quality than buyers, markets drift toward the average and well-informed selling outperforms genuine quality. Technology procurement is precisely such a market. Vendor teams arrive having rehearsed the same engagement many times. Buyer-side training, at most trade associations, is a one-day seminar. A scoring sheet does not correct an asymmetry of this size. It formalizes it.
The burden moves downstream of the contract.
A model's behavior changes as data changes. Its decisions must be explainable after the fact. Its fairness must be tested continuously, not certified once. Governance becomes an operating discipline, not a procurement step. There is no AI-specific rulebook for community FIs today. The institution that waits for one will wait through the period in which the exposure is largest.
Megabank frameworks do not scale down.
Frameworks built for the largest banks assume resources a community institution does not have: dedicated model-validation teams, standing procurement functions, in-house data science. Applied unscaled, they produce documentation the institution cannot sustain and governance it cannot genuinely exercise. Proportionality is not a concession. It is the instruction.
Decision quality is a strategic asset.
When decisions fail structurally, when procurement favors the informed seller, when AI converts purchase into ongoing oversight, and when borrowed frameworks do not fit, decision quality becomes a strategic asset in its own right, as consequential as credit discipline or asset-liability management.
Three principles
What every engagement applies, before anything else.
Problem framing precedes vendor framing.
We do not begin any evaluation, strategy, or AI engagement by talking about products. The first phase always defines the business problem, the stakeholders, the constraints, and the success metrics that will be measured well after the contract is signed.
Disqualification over scoring.
Scorecards that rate vendors on every capability tend to converge on whichever vendor wrote the best response. The process is structured to surface the answers that disqualify candidates as early as possible, so the comparison at the end is among real finalists, not on paper.
The vendor is professional and well-prepared.
The commercial process vendors bring to community FIs is practiced and well-resourced. It reflects documented playbooks executed by teams who have worked through them with many prior buyers. The methodology is designed to recognize that preparation and keep the evaluation aligned with the institution's interest.
The four frameworks
Where the methodology becomes practice.
These conditions do not resolve on their own. Four named frameworks do the work, applied at specific moments in specific engagements. All are proprietary to Corlux Consulting.
The Corlux Elimination Framework
Disqualification-first evaluation. Vendors filtered by sequenced gates: regulatory readiness, integration realism, and financial health. Not scored on every capability. The finalists are vendors who genuinely clear every gate.
The Lifecycle Leverage Model
Leverage preserved across the full vendor relationship. Renewal terms, price caps, SLA credits, data portability, and exit rights negotiated at signature, not at renewal. The contract is treated as the multi-year commitment it actually is.
The Regulated AI Readiness Framework
Governance-first AI deployment, adapted from the NIST AI Risk Management Framework's govern, map, measure, and manage functions. Named model risk owner, drift monitoring, bias testing, incident response. Operational, not aspirational, and demonstrable to an examiner.
The Dependency-First Transformation Model
Sequenced modernization. The roadmap is ordered by what unblocks the most downstream work, not by what is most immediately visible or enthusiastically championed. Capacity reserve built in.
What each engagement produces
Every engagement produces four artifacts.
A documented decision trail.
The artifact compliance, the board, and the next examiner will ask for. Every phase contributes one defined deliverable to it.
A defensible recommendation.
Reached by disqualifying weak options early rather than scoring every option on paper, so the final comparison is among genuine finalists.
Preserved leverage.
Contract and renewal terms negotiated so the institution retains the ability to course-correct for the life of the relationship, not only at signing.
An exercised governance capability.
Particularly for AI: a framework the institution can demonstrate to an examiner, not merely describe.
Next step
The methodology is the deliverable.
If your board, your auditors, or your next examiner will ask why this vendor, this stack, or this model, the trail this methodology produces is the answer. Start the conversation.
Get in touch →