Revised Interagency Supervisory Guidance on Model Risk Management (issued April 17, 2026, by the FDIC, OCC, and Federal Reserve) Supersedes the 2011 Supervisory Guidance on Model Risk Management
In case you missed it, and almost exactly 15 years later, the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and the Board of Governors of the Federal Reserve System have jointly issued revised interagency guidance on Model Risk Management (MRM), effectively superseding or replacing SR 11-7/OCC 2011-12/FIL-22-2017 with SR 26-2/OCC 2026-13/FIL-15-2026.
This update clarifies principles for managing risks associated with models used in banking, adopting a “risk-based approach” that institutions should tailor to their specific model risk profile, as well as the size and complexity of their operations. It reflects the growing use of advanced models amid technological advances, while emphasizing sound governance, development, implementation, and controls without imposing prescriptive or enforceable requirements. This shift provides an opportunity to reevaluate the popular risk tiering approach applied to models.
The guidance is primarily relevant to larger banking organizations (especially those with more than $30 billion in assets) that have significant model risk exposure. Smaller institutions without substantial model risk can generally rely on their existing internal risk management framework and practices, unless they have significant model risk exposure or provide services outside of the scope of traditional community banking. In essence, this revision provides many institutions under $30 billion in assets an opportunity to shift from simply following regulatory expectations to crafting a Model Risk Program that fits their individual Risk Appetite and complexity.
Of note, it also rescinds certain prior FDIC issuances that had adopted or supplemented the 2011 guidance (e.g., FIL-22-2017 and FIL-27-2021), as well as the Model Risk Management booklet in the OCC Comptroller’s Handbook, and supersedes the Fed’s SR letter 11-7 and other interpretive documents.
The core three-pillar framework – governance and controls; model development and implementation/use; model validation and ongoing monitoring – remains fundamentally the same, but with added clarifications with respect to effective challenge, multidisciplinary input, performance monitoring under changing conditions, third-party/vendor considerations, and overall model risk tailoring. The guidance continues to be non-prescriptive and non-enforceable, meaning it does not create new supervisory interventions solely on the basis of non-compliance.
The definition of a “model” is refined slightly and is now explicitly described as a “complex quantitative method” applying statistical, economic, or financial theories. Simple calculations, deterministic rule-based processes, and software without underlying theories are now excluded.
Further, the guidance explicitly addresses technological advancements and states:
“Advances in technology along with increased competition have driven banking organizations to leverage innovative approaches… The principles described in this guidance apply to traditional statistical and quantitative models and non-generative, non-agentic AI models.”
However, generative AI and agentic AI models are not included within the scope of this specific guidance (such models are described as “novel and rapidly evolving”). For these models and modeling frameworks, banking organizations should instead apply their broader and existing risk management and governance practices.
Since the risk-based approach remains a persistent theme across all the financial industry regulators, in the absence of clear guidance on unconventional models, my colleagues at Velligan-Blaxall Consultants and I suggest starting your unconventional AI model journey with a robust risk assessment that will identify governance gaps and lead to a target operating model consistent with the appetite of the institution. For traditional financial models, we have updated our workflows and will be happy to assist banks and credit unions with bringing theirs into alignment with the new guidance.
What's the potential cost of not leveraging the experience, tools, and talent VBC brings to the table?