Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency and Board of Governors of the Federal Reserve System issue revised model risk management guidance for banks over USD 30 billion

The Federal Deposit Insurance Corporation, together with the Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System, issued revised model risk management guidance that frames model risk management as a risk-based discipline to be scaled to a banking organization’s size, complexity, and model risk profile. The guidance highlights principles for effective model development and use, validation and monitoring, and governance and controls, while stating that it does not set enforceable standards or prescriptive requirements and that non-compliance will not result in supervisory criticism. The guidance is expected to be most relevant to banking organizations with over USD 30 billion in total assets, though it may also be relevant to smaller organizations with significant exposure to model risk due to model prevalence and complexity or activities outside traditional community banking. It defines a “model” as a complex quantitative method, system, or approach grounded in statistical, economic, or financial theories, excluding simple arithmetic calculations and deterministic rule-based processes, and notes that generative and agentic AI models are out of scope while the principles apply to traditional and non-generative, non-agentic AI models. Vendor and other third-party products receive specific attention, including expectations to validate such products and conduct ongoing monitoring and outcomes analysis despite potential limits on transparency from proprietary components; the FDIC also rescinded FIL-22-2017 and FIL-27-2021 in connection with the revised guidance.