SR 11-7, formally titled "Supervisory Guidance on Model Risk Management," mandates that banks establish a comprehensive framework for model risk management (MRM) encompassing model identification, development, implementation, use, and validation. It defines model risk as the potential for adverse consequences from decisions based on incorrect or misused model outputs, requiring rigorous independent model validation conducted by qualified parties separate from model development.
Glossary
SR 11-7

What is SR 11-7?
SR 11-7 is the Federal Reserve's definitive supervisory guidance establishing the core principles for a sound model risk management framework for U.S. banking organizations.
The guidance requires ongoing model monitoring, including backtesting and benchmarking, to verify continued performance. It establishes the three lines of defense—model owners, independent risk management, and internal audit—and mandates robust model documentation and audit trails. For financial fraud anomaly detection systems, SR 11-7 compels institutions to demonstrate that machine learning models are conceptually sound, empirically validated, and continuously monitored for data drift and concept drift.
Frequently Asked Questions
Clear, technically precise answers to the most common questions about the Federal Reserve's supervisory guidance on model risk management for banking organizations.
SR 11-7 is the Federal Reserve's supervisory guidance letter establishing mandatory principles for a sound model risk management (MRM) framework at U.S. banking organizations. Issued jointly with the Office of the Comptroller of the Currency (OCC 2011-12), it defines a model as a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories to process input data into quantitative estimates. The guidance matters because it makes model risk management a safety and soundness imperative—failure to comply can result in enforcement actions, capital add-ons, and restrictions on model use. It applies to all models, not just those used for regulatory capital, and scales expectations based on model materiality and complexity.
How SR 11-7 Applies to Fraud Detection Models
SR 11-7 establishes the mandatory model risk management framework for U.S. banking organizations, directly governing the development, validation, and ongoing monitoring of machine learning fraud detection systems.
SR 11-7 mandates that fraud detection models—including neural networks and ensemble methods—undergo rigorous independent validation prior to deployment. This requires evidence of conceptual soundness, where model developers must justify the choice of algorithm, feature engineering logic, and the statistical suitability of training data for the specific fraud typology being targeted. Validators must challenge whether a complex deep learning model is genuinely necessary over a more interpretable logistic regression baseline.
The guidance requires ongoing monitoring frameworks to detect performance degradation from concept drift in fraud patterns. Banks must establish thresholds for Population Stability Index (PSI) and Characteristic Stability Index (CSI) to trigger automatic alerts when transaction distributions shift. Critically, SR 11-7 demands a documented outcome analysis process comparing predicted fraud scores against actual confirmed fraud cases, ensuring the model's risk-ranking capability remains robust against evolving adversarial behaviors.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Core Components of SR 11-7
The Federal Reserve's supervisory guidance establishes a comprehensive framework for managing model risk through four foundational pillars that govern the entire model lifecycle.
Model Governance & Oversight
Establishes the institutional framework for model risk management with clear roles and accountability.
- Board and senior management must establish a firm-wide approach to model risk
- Requires a dedicated model risk management function independent of model development
- Mandates documented policies covering model identification, risk rating, and lifecycle controls
- Defines the three lines of defense: model owners (1st), independent risk management (2nd), and internal audit (3rd)
- Requires a comprehensive model inventory tracking all models across the organization
- Establishes risk appetite statements and escalation procedures for model issues
Model Development & Implementation
Defines rigorous standards for the design, construction, and deployment of models used in financial decision-making.
- Requires conceptual soundness demonstrated through theory, design, and construction quality
- Mandates thorough developmental evidence including statistical testing and sensitivity analysis
- Requires documentation of data quality and relevance for all inputs and assumptions
- Establishes standards for implementation controls to ensure code integrity and system integration
- Requires outcomes analysis comparing model outputs to actual realized values
- Mandates documentation of model limitations and conditions for appropriate use
Independent Model Validation
Requires a rigorous, independent review of models by qualified parties who are separate from model development and free from business influence.
- Validation must assess conceptual soundness, data integrity, and ongoing monitoring processes
- Requires critical assessment of model limitations and assumptions
- Mandates evaluation of outcomes analysis through backtesting and benchmarking
- Validation frequency is determined by model risk tiering with higher-risk models reviewed more often
- Requires formal validation reports documenting findings, weaknesses, and remediation requirements
- Establishes a process for revalidation after significant model changes or findings resolution
Ongoing Monitoring & Maintenance
Establishes continuous oversight processes to ensure models remain fit for purpose after deployment.
- Requires ongoing performance monitoring against established thresholds and benchmarks
- Mandates detection of data drift and concept drift through statistical distribution analysis
- Establishes trigger events that prompt immediate model review or revalidation
- Requires documentation of override tracking when human judgment reverses model decisions
- Mandates periodic model attestation by accountable business owners confirming fitness for purpose
- Establishes change management controls for model updates, patches, and retirement

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us