Inferensys

Glossary

SR 11-7

The Federal Reserve's supervisory guidance (SR Letter 11-7) establishing the core principles for a sound model risk management framework, including model validation, governance, and ongoing monitoring requirements for U.S. banking organizations.
Governance lead reviewing model governance framework on laptop, policy documents visible, executive office setup.
SUPERVISORY GUIDANCE

What is SR 11-7?

SR 11-7 is the Federal Reserve's definitive supervisory guidance establishing the core principles for a sound model risk management framework for U.S. banking organizations.

SR 11-7, formally titled "Supervisory Guidance on Model Risk Management," mandates that banks establish a comprehensive framework for model risk management (MRM) encompassing model identification, development, implementation, use, and validation. It defines model risk as the potential for adverse consequences from decisions based on incorrect or misused model outputs, requiring rigorous independent model validation conducted by qualified parties separate from model development.

The guidance requires ongoing model monitoring, including backtesting and benchmarking, to verify continued performance. It establishes the three lines of defense—model owners, independent risk management, and internal audit—and mandates robust model documentation and audit trails. For financial fraud anomaly detection systems, SR 11-7 compels institutions to demonstrate that machine learning models are conceptually sound, empirically validated, and continuously monitored for data drift and concept drift.

SR 11-7 COMPLIANCE

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the Federal Reserve's supervisory guidance on model risk management for banking organizations.

SR 11-7 is the Federal Reserve's supervisory guidance letter establishing mandatory principles for a sound model risk management (MRM) framework at U.S. banking organizations. Issued jointly with the Office of the Comptroller of the Currency (OCC 2011-12), it defines a model as a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories to process input data into quantitative estimates. The guidance matters because it makes model risk management a safety and soundness imperative—failure to comply can result in enforcement actions, capital add-ons, and restrictions on model use. It applies to all models, not just those used for regulatory capital, and scales expectations based on model materiality and complexity.

REGULATORY GUIDANCE

How SR 11-7 Applies to Fraud Detection Models

SR 11-7 establishes the mandatory model risk management framework for U.S. banking organizations, directly governing the development, validation, and ongoing monitoring of machine learning fraud detection systems.

SR 11-7 mandates that fraud detection models—including neural networks and ensemble methods—undergo rigorous independent validation prior to deployment. This requires evidence of conceptual soundness, where model developers must justify the choice of algorithm, feature engineering logic, and the statistical suitability of training data for the specific fraud typology being targeted. Validators must challenge whether a complex deep learning model is genuinely necessary over a more interpretable logistic regression baseline.

The guidance requires ongoing monitoring frameworks to detect performance degradation from concept drift in fraud patterns. Banks must establish thresholds for Population Stability Index (PSI) and Characteristic Stability Index (CSI) to trigger automatic alerts when transaction distributions shift. Critically, SR 11-7 demands a documented outcome analysis process comparing predicted fraud scores against actual confirmed fraud cases, ensuring the model's risk-ranking capability remains robust against evolving adversarial behaviors.

Model Risk Management Framework

Core Components of SR 11-7

The Federal Reserve's supervisory guidance establishes a comprehensive framework for managing model risk through four foundational pillars that govern the entire model lifecycle.

01

Model Governance & Oversight

Establishes the institutional framework for model risk management with clear roles and accountability.

  • Board and senior management must establish a firm-wide approach to model risk
  • Requires a dedicated model risk management function independent of model development
  • Mandates documented policies covering model identification, risk rating, and lifecycle controls
  • Defines the three lines of defense: model owners (1st), independent risk management (2nd), and internal audit (3rd)
  • Requires a comprehensive model inventory tracking all models across the organization
  • Establishes risk appetite statements and escalation procedures for model issues
02

Model Development & Implementation

Defines rigorous standards for the design, construction, and deployment of models used in financial decision-making.

  • Requires conceptual soundness demonstrated through theory, design, and construction quality
  • Mandates thorough developmental evidence including statistical testing and sensitivity analysis
  • Requires documentation of data quality and relevance for all inputs and assumptions
  • Establishes standards for implementation controls to ensure code integrity and system integration
  • Requires outcomes analysis comparing model outputs to actual realized values
  • Mandates documentation of model limitations and conditions for appropriate use
03

Independent Model Validation

Requires a rigorous, independent review of models by qualified parties who are separate from model development and free from business influence.

  • Validation must assess conceptual soundness, data integrity, and ongoing monitoring processes
  • Requires critical assessment of model limitations and assumptions
  • Mandates evaluation of outcomes analysis through backtesting and benchmarking
  • Validation frequency is determined by model risk tiering with higher-risk models reviewed more often
  • Requires formal validation reports documenting findings, weaknesses, and remediation requirements
  • Establishes a process for revalidation after significant model changes or findings resolution
04

Ongoing Monitoring & Maintenance

Establishes continuous oversight processes to ensure models remain fit for purpose after deployment.

  • Requires ongoing performance monitoring against established thresholds and benchmarks
  • Mandates detection of data drift and concept drift through statistical distribution analysis
  • Establishes trigger events that prompt immediate model review or revalidation
  • Requires documentation of override tracking when human judgment reverses model decisions
  • Mandates periodic model attestation by accountable business owners confirming fitness for purpose
  • Establishes change management controls for model updates, patches, and retirement
Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.