In European bank I worked at, it was worked around by having an employee "reviewing" the "recommendation" given by AI, and making the final decision. The final decision was of course 100% in line with AI "recommendation".
The AI act is less than a month old; you were likely dealing with either older or local legislation, or some attempt at corporate responsibility (possibly risk management; if you tell your financial regulators “yeah, an unverifiable magic box makes the lending decisions, unreviewed”, you will likely get in trouble, at least in the post-noughties-financial-crisis era).
The EC is usually rather sceptical of attempts to work around the rules.
GDPR Article 22 has been in force for a long time:
> The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The EC is usually rather sceptical of attempts to work around the rules.