Banking agencies tighten model-risk validation

The Office of the Comptroller of the Currency, Federal Reserve, and Federal Deposit Insurance Corporation rewrote bank model-risk guidance on April 17, replacing the framework many firms had used since 2011. (occ.gov) (federalreserve.gov) A model, in bank supervision, is a tool that turns data and assumptions into decisions on credit, capital, liquidity, pricing, fraud, or compliance. The agencies said those tools have grown more complex and more widespread across banking operations. (occ.gov) The revised guidance says model-risk programs should be risk-based, not one-size-fits-all, and tailored to each bank’s model-risk profile, size, and complexity. It says a model that is low-risk at one bank can pose higher risk at another. (federalreserve.gov) (occ.gov) The agencies also narrowed where the guidance bites hardest. They said it is expected to be most relevant to banking organizations with more than $30 billion in total assets, though smaller banks with significant model exposure may still need to use it. (federalreserve.gov) (fdic.gov) That is a sharp change from the older regime. The new interagency package supersedes Federal Reserve SR 11-7 from April 4, 2011 and the 2021 interagency statement for Bank Secrecy Act and anti-money-laundering model systems. (federalreserve.gov) The agencies kept the core architecture intact: model development and use, independent validation and ongoing monitoring, and governance and controls. They also said vendor and other third-party products belong inside the same risk-management framework. (occ.gov) (fdic.gov) One of the clearest lines in the rewrite is what it does not do. The guidance says it does not set enforceable standards or prescriptive requirements, and non-compliance alone will not trigger supervisory criticism. (occ.gov) (fdic.gov) Another clear line is what it does not cover. The Office of the Comptroller of the Currency said generative artificial intelligence and agentic artificial intelligence models are novel, rapidly evolving, and outside this guidance’s scope. (occ.gov) For banks, the practical effect is less about a new checklist than about re-scoping inventories, validation plans, and governance around material models. The agencies said the guidance is most useful for models that support significant business lines, operations, services, and functions. (occ.gov 1) (occ.gov 2) Law firm Orrick said the rewrite is more concise and more principles-based than the prior framework, after years of industry complaints that examiners were applying old guidance too prescriptively, especially at community banks. (orrick.com) The message from Washington is not that model validation is going away. It is that banks now have more room to match controls to actual model risk, and less cover for treating every model the same. (federalreserve.gov) (occ.gov)