SS1/23 – Model risk management principles for banks

Supervisory statement 1/23
Published on 17 May 2023

This Prudential Regulation Authority (PRA) supervisory statement (SS) sets out the PRA’s expectations for banks’ management of model risk. The desired outcome of this SS is that banks take a strategic approach to model risk management (MRM) as a risk discipline in its own right.

The expectations in the SS are relevant to all regulated UK-incorporated banks, building societies, and PRA-designated investment firms, which have internal model approval to calculate regulatory capital requirements for either credit risk (Internal Ratings Based approaches), market risk (Internal Model Approach), or counterparty credit risk (Internal Model Method).

The expectations are in the form of five principles considered key to implement a robust MRM framework and to manage the risk effectively across all model and risk types. The principles are intended to support firms to strengthen their policies, procedures, and practices to identify, manage, and control the risks associated with the use of models. The themes of the principles are:

Principle 1 – Model identification and model risk classification 
Principle 2 – Governance
Principle 3 – Model development, implementation and use 
Principle 4 – Independent model validation
Principle 5 – Model risk mitigants

The principles are supported by sub-principles which include:

  • a proportionate implementation within firms (across models) and across firms;
  • the identification and allocation of the responsibility for the overall MRM framework to the most appropriate Senior Management Function (SMF) holder(s);
  • reporting on the effectiveness of MRM for financial reporting to the audit committee; and
  • identifying and managing the risks associated with the use of artificial intelligence in modelling techniques such as machine learning to the extent that it applies to the use of models more generally.

The expectations in the SS are overarching principles, intended to complement existing requirements and supervisory expectations in force on MRM. The principles are applicable to all types of models that are used to inform business decisions, whether developed in-house or externally (including vendor models), regardless of technology and including models used for financial reporting purposes.

Current version

Published 17 May 2023. Effective from 17 May 2024.

- Following PS6/23 – Model risk management principles for banks