

Model Risk Management SR 11-7
United States
2011
Cybersecurity
Overview
Key Obligations
- Establish a robust model risk management framework with defined roles and responsibilities
- Perform rigorous model validation, including conceptual soundness and outcome analysis
- Maintain a model inventory and risk-tiering system based on materiality
- Implement controls for model development, implementation, and use
- Conduct ongoing monitoring and performance assessments
- Ensure independent review by model risk or validation teams
- Involve board-level oversight and periodic reporting of model risk exposures
FAQ
Is SR 11-7 a legally binding regulation?
No, it is supervisory guidance. However, failure to comply may result in regulatory scrutiny or enforcement actions.
What is considered a “model” under SR 11-7?
Any quantitative method, system, or approach that uses statistical, economic, financial, or mathematical theories to process input data into quantitative estimates.
Who is responsible for model validation?
Validation must be conducted by individuals independent from model development teams, often within a model risk or audit function.
Does SR 11-7 apply to vendor or third-party models?
Yes. Institutions must assess and manage risks associated with externally developed models, including third-party tools and platforms.