Model Risk Management (SR 11-7)

Model Risk Management is the discipline of identifying, measuring, monitoring, and controlling the risk arising from financial models. SR 11-7 is the Federal Reserve guidance that defines it.

What is SR 11-7?

SR 11-7 (Supervision and Regulation Letter 11-7, "Guidance on Model Risk Management") is the April 2011 joint guidance from the Federal Reserve and OCC defining model risk management expectations for US banks. It requires a comprehensive program covering model development, implementation, use, and ongoing validation — with independent validation, effective challenge, and documentation of model limitations and uncertainties.

AI as a "model"

SR 11-7's definition of "model" is broad: any quantitative method applied to underlying assumptions to produce quantitative estimates. Generative AI, classification AI, fraud detection, credit scoring, and even certain rule-based systems are increasingly being scoped in by bank examiners. The 2024-2025 examination cycle has clarified that AI used in regulated bank decisions falls under SR 11-7 regardless of whether the bank built it or bought it.

What buyers should ask

For AI vendors selling to banks: do you provide the technical documentation, training-data summary, evaluation results across demographic and edge-case slices, known limitations, and ongoing-monitoring capability that the bank's MRM team will need to validate the model. Vendors that publish SR 11-7-aligned documentation packets shorten the procurement cycle dramatically; vendors that don't may still be procurable but require the bank's MRM team to extract the necessary documentation through extensive back-and-forth.