On April 17, 2026, the Federal Reserve, FDIC, and OCC issued revised interagency guidance on model risk management, superseding long-standing model risk frameworks such as SR 11-7 and SR 21-8.
The update reflects supervisory experience over the last fifteen years and acknowledges the significant evolution in models, data and technologies used across the banking industry.
At its core, the revised guidance reinforces that model risk management should be tailored to a bank’s size, complexity and model risk profile. Regulators emphasize flexibility, noting that practices effective for large, complex institutions may not be appropriate for smaller or less complex banks. The guidance is expected to be most relevant to banking organizations with over $30 billion in total assets, but it is designed to scale based on actual model risk exposure rather than asset size alone.
The guidance maintains familiar pillars—model development and use, validation and ongoing monitoring and governance and controls—while providing greater clarity on the factors that drive model risk. It also expands discussion around vendor and third-party models, reflecting the growing reliance on externally developed tools and the need for appropriate oversight even when models are not built in-house.
The agencies are explicit that the guidance does not establish enforceable or prescriptive requirements, and that non-compliance alone will not result in supervisory criticism. In addition, the guidance clarifies that generative and agentic AI models are outside its scope, with regulators signaling that these rapidly evolving technologies will be addressed separately through future dialogue and requests for information.
Banks should view the revised guidance as an opportunity to reassess model inventories, governance structures and validation practices through a risk-based lens, rather than as a mandate to expand programs unnecessarily. For many institutions, the revisions provide welcome clarity while reinforcing the importance of sound model risk management fundamentals.
About Schneider Downs Financial Services
The Schneider Downs Financial Services industry group supports financial institutions as they navigate evolving risk, regulatory, and governance challenges. Our professionals work with institutions to strengthen internal audit, risk advisory, and related risk management programs that support sound decision‑making, operational effectiveness, and regulatory expectations.
Through services spanning internal audit, risk advisory, IT risk advisory, third‑party risk management, fraud risk advisory, and enterprise risk and compliance, we help financial institutions design and enhance resilient, risk‑based programs aligned with their strategic objectives and operating environment.
To learn more, visit our Financial Services Industry Group page.
References
- American Bankers Association Banking Journal. “Banking agencies issue revised risk management model guidance.” April 17, 2026.
- Federal Reserve Board Supervisory Letter SR 26-2, “Revised Guidance on Model Risk Management,” April 17, 2026.
- FDIC Financial Institution Letter FIL-15-2026, “Agencies Revise the Interagency Model Risk Management Guidance,” April 17, 2026.
- OCC Bulletin 2026-13, “Model Risk Management: Revised Guidance,” April 17, 2026.
