SR 11-7 / SR 26-2 model risk management for AI agents

01 · § III.B · FOUR PILLARS

The four-pillar model risk management framework.

Banks should establish a model risk management framework that includes (1) robust model development, implementation, and use; (2) sound model validation; (3) good governance, policies, and controls; and (4) comprehensive documentation. Effective model risk management calls for disciplined and knowledgeable development and implementation processes, sound model validation, governance and controls, and documentation that allows informed parties to understand the model. SR 11-7 · § III.B four-pillar framework · 2011-04-04

The phrase model risk management framework is verbatim regulator language. Read with care. The supervisor is not asking the bank to choose any structure it likes; the supervisor is naming a specific four-pillar layout and reading the bank's practice against it. The four pillars are not a checklist. They are an integrated lifecycle the supervisor expects to see on every model the bank treats as material.

Placement matters. SR 11-7 sits inside Federal Reserve supervisory guidance, joined by OCC Bulletin 2011-12 the same day, and adopted by FDIC through FIL-22-2017. Together the three letters bind every insured depository institution and bank holding company in the United States above a USD 1 billion asset threshold, with smaller institutions held to a proportionate standard under SR 25-1 (April 2025).

The 2011 letter was written when the typical material model was a credit-scoring regression or a Basel III IRB calculation. The text accommodates AI agents only because § II writes the model definition use-driven, not technique-driven. If the output of the artefact drives a bank decision, the artefact is a model. SR 26-2 writes that read explicit.

"Banks should establish a model risk management framework. The phrase is the spec. The four pillars are the engineering."SR 11-7 · § III.B · regulator language

The four pillars, paraphrased and indexed against SR 11-7's own paragraph layout:

§ III.B (1)

Robust model development, implementation, and use. Conceptual soundness review at the point of build. Implementation testing before production. Use boundaries documented and respected. IMPLICATION · the agent's prompt template, tool registry, and retrieval policy are developmental artefacts. Each version is dated, owned, and reviewed before it touches a customer.

§ III.B (2)

Sound model validation. Independent of development. Conducted before deployment. Repeated as material conditions change. IMPLICATION · the eval suite is an audit artefact. Validation outcomes are captured per cohort and per model version, not aggregated post-hoc.

§ III.B (3)

Good governance, policies, and controls. Board-approved policy. Senior management oversight. Independent risk-control function. Internal audit. IMPLICATION · a named accountable officer attests. The Warrant evidence package binds the record to that officer's role, not just to a system, and is independently verifiable without contacting Warrant.

§ III.B (4)

Comprehensive documentation. Sufficient detail that a knowledgeable third party can understand and replicate the model. IMPLICATION · the per-decision document trail is the artefact. Aggregated quarterly reports do not pass the third-party replicability test.

02 · SR 26-2 CARRY-FORWARD

The AI/ML carry-forward.

SR 26-2 was issued by the Federal Reserve Board in early 2026 and supersedes SR 11-7 administratively while preserving the four-pillar text verbatim. The revision is short and surgical. The body of the original letter is reprinted. The new front matter does three things at once.

First, SR 26-2 names categories of AI system the regulator now considers in scope by default. The list is explicit: agentic AI, LLM-driven decisioning, retrieval-augmented systems. The naming closes a question that had been technically open under SR 11-7 alone, where some banks argued LLM outputs were tools rather than models. Under SR 26-2 the cleavage is whether the output flows into a bank decision, not whether the underlying technique is statistical.

Second, SR 26-2 incorporates by reference the OCC Comptroller's Handbook on model risk supervision, treating it as the operative examiner methodology. The Handbook walks examiners through the four pillars at horizontal review and produces the test questions the bank's MRM team has to answer. Banks that read the Handbook as a Rosetta Stone for their SR 11-7 obligations are reading the right way.

Third, SR 26-2 expands the effective-challenge expectation. Under SR 11-7 § V.B effective challenge sat at validation time. Under SR 26-2 effective challenge extends to runtime: the bank is expected to log, per decision, what alternatives the AI considered and why the chosen path was preferred. The runtime extension is the single largest practical change for AI agents in 2026 and is the gap most likely to surface in the next examination cycle.

The carry-forward also clarifies the model inventory expectation. § IV.A required a bank-wide inventory of all models in use, planned for use, or recently retired. Under SR 26-2 the inventory has to capture AI agents as named models with version, owner, last validation date, and residual risk. An LLM-driven decisioning agent without an inventory row is, on the operative SR 26-2 read, an unmanaged model. Unmanaged models are the most common phrasing in MRA letters.

03 · GOVERNANCE

Governance · the board signoff.

Model risk governance is provided at the highest level by the board of directors and senior management. Banks should establish a strong model risk management framework that fits into the broader risk management of the organization. Model risk policies should be approved by the board. SR 11-7 · § V.A · governance

§ V.A starts at the board. Model risk policy is a board-approved policy. The chief risk officer or a designated risk-management head owns enterprise model risk. An independent model risk management function performs validation and ongoing review. Internal audit reviews the function. The four-tier structure (board, CRO, MRM, audit) is not optional and is typically the first thing an OCC examiner sketches at intake.

For an AI agent acting inside a bank, the live question is who in this chain holds personal liability when the agent issues a decision. The answer SR 11-7 requires is binary: a named human officer signs off on the model and remains accountable for its outputs. The named officer's role under the bank's risk policy is what the supervisor binds the model to. The agent does not displace that accountability; it inherits it.

GAO B-331324 is the canonical citation for the original SR 11-7 letter under Congressional Review Act review. The letter is sometimes cited by counsel as B-331324 in pleadings and supervisory correspondence; the text and paragraph references are unchanged. Examiners use the SR letter; counsel often cite GAO. Both lead to the same operative four pillars.

The Warrant evidence package binds the record to the named accountable officer's role at decision time. It does not authenticate a server; it carries a regulated officer's attestation that the trace is what the agent did. The record is the courtroom-grade equivalent of a wet-ink CRO sign-off, independently verifiable without contacting Warrant, and it fixes the decision in time against the policy version that was current at the moment of decision.

04 · DEVELOPMENT

Development standards · the build phase.

Model development is a multidisciplinary activity that should incorporate sound theory, judgment, and statistical analysis. The model should be developed and implemented to be consistent with the situation and goals of the model user and with bank policy. Model development should incorporate clear statement of purpose, sound design and theory, rigorous data quality controls, and documentation of the development process. SR 11-7 · § III.B (1) · development

§ III.B (1) sets the build-phase test. Three questions: model selection rationale (why this technique), conceptual soundness (does the technique fit the problem), and development testing (was implementation correctness verified before deployment). The classical 2011 application produced a model methodology document, a development testing report, and a code review. Each was a static artefact lodged before deployment.

For an AI agent, the same three questions apply but the artefacts multiply. The model is not a single estimator. The model is the agent: a foundation model, plus a tool registry, plus a prompt template, plus a retrieval policy, plus a guardrail layer, plus a post-processing rule. Each component is a developmental artefact under SR 11-7. Each version is dated, owned, and tied to a development testing record before the agent is allowed to issue a decision.

The OCC Comptroller's Handbook reads the development standard with practical force. An examiner walking development documentation for an LLM-driven agent will pull the prompt template version against the foundation model version, then pull both against the live policy version. A mismatch (production prompt against a stale foundation, or a current foundation against an undocumented prompt) is the first place the examiner finds a gap. Banks that treat the prompt template as a configuration value rather than a versioned artefact carry the largest exposure.

The retrieval policy deserves separate mention. A retrieval-augmented system that selects context from a corpus is a model under SR 26-2. The corpus index, the retrieval similarity threshold, the chunk window, and the rerank logic are developmental decisions. Under SR 11-7 § III.B (1) each is documented. A retrieval corpus that ingested a new document set without a corresponding development testing pass is, under the operative read, a substantial change in the model that triggers re-validation.

05 · VALIDATION

Effective validation.

An effective validation framework should include three core elements: evaluation of conceptual soundness, ongoing monitoring, and outcomes analysis. Validation involves a degree of independence from model development and use. Generally, validation should be done by people who are not responsible for development or use and do not have a stake in whether a model is determined to be valid. SR 11-7 · § V.B · validation

§ V.B is the most cited paragraph in MRA findings. Validation is independent. Validation evaluates conceptual soundness, including developmental evidence; performs ongoing monitoring, including process verification and benchmarking; and runs outcomes analysis, including back-testing.

The independence test has procedural force. Validation has to be performed by people not involved in development. In practice the bank's MRM function or an external party. Validators must have authority to challenge developers and influence to elevate findings to the CRO and board. SR 11-7 calls this effective challenge. SR 26-2 expands the term to include runtime alternatives logging.

Outcomes analysis is the empirical leg. Outputs of the model are compared to actual realised outcomes. For a credit model: predicted probability of default versus actual default rates. For an AI agent: the agent's classification, recommendation, or score versus a gold-labeled ground truth. The Warrant 200-trace eval suite (see /blog/regulator-grade-evals) is the canonical operationalisation of outcomes analysis for an LLM-driven agent. Each canonical trace is hand-graded; the agent's output is compared cohort by cohort; the calibration curve and confusion matrix are bound to the model version in a record that is independently verifiable without contacting Warrant.

Sensitivity analysis is the operational leg. The validator perturbs inputs and observes output stability. For an AI agent, sensitivity testing reads as adversarial robustness: prompt injections, paraphrased queries, edge-case populations. A validation report that does not include sensitivity testing is incomplete under § V.B and is the second-most-common MRA gap.

Replicate-the-output is the practical test an examiner runs at horizontal review. Given a real production decision, can validation reproduce the model's reasoning. For a deterministic linear model, trivial. For a stochastic LLM, the test is non-trivial and is exactly where a trace that is independently verifiable without contacting Warrant (see /blog/four-layer-evidence-stack) earns its keep. The record captures the exact inputs, model version, and outputs at decision time; replay is deterministic against that record.

06 · DOCUMENTATION

Comprehensive documentation and audit trails.

Documentation is essential to effective model risk management. Documentation provides a foundation for independent review and is critical to ensuring effective challenge. Without adequate documentation, model risk management will be ineffective. Documentation should be comprehensive and detailed enough to allow informed third parties to understand how the model operates, its limitations, and its key assumptions. SR 11-7 · § III.A.5 and § III.B (4) · documentation

The word comprehensive is verbatim regulator language and load-bearing. § III.B (4) requires comprehensive documentation. § III.A.5 supplies the third-party replicability test. Together they set the standard a supervisor reads on examination: a knowledgeable third party (the examiner) must be able to reconstruct the model's design, intended use, limitations, validation findings, and recent material decisions from the documentation alone.

Three documents satisfy the static portion: the model methodology document, the validation report, and the model card. Together they describe what the model is. None of them, individually or collectively, satisfies the runtime portion: the audit trail of what the model actually did.

The audit trail is where AI agents diverge sharply from 2011-era models. A credit-score regression issues one decision and the audit trail is a row in a database with a model version stamp. An AI agent issues a sequence of tool calls, retrievals, and intermediate reasoning steps before producing the customer-facing decision. The audit trail must reconstruct what the model did, when, and why, at the granularity of each tool call and each retrieval. Anything coarser fails the third-party replicability test on examination. The same audit-trail gap is read against the NYDFS Part 500 rule in why standard logs do not satisfy 23 NYCRR § 500.6.

This is the per-decision evidence obligation Warrant addresses. The evidence package binds the agent's full action graph (per-action subject, inputs, outputs, alternatives considered, rationale, timestamp) to the active model version, the active policy version, and the named accountable officer at decision time. The record is independently verifiable without contacting Warrant, and it fixes the decision in time. The tamper-evidence is readable for fifteen years and beyond, because the sectoral retention floor under MDR-equivalent rules does run that long when bank decisions intersect with insurance or regulated wealth products.

07 · MODEL INVENTORY

The model inventory question.

Banks should maintain a comprehensive set of information for models in use, including model description and methodology, use, owner, validation status, and risk classification. The inventory should include all models, regardless of how they are developed or implemented, and should be updated whenever models are modified or retired. SR 11-7 · § IV.A · model inventory

§ IV.A is short and unforgiving. Every model in production. Version. Owner. Last validation date. Residual risk classification. Banks have run model inventories for credit, market, and operational risk models since 2011. AI agents make the inventory question urgent in three ways.

First, when does a prompt change become a new model. SR 26-2 reads any change that materially shifts the model's intended use or output behaviour as a substantial change. A prompt-template rewrite that broadens use from internal classification to external customer-facing decisions is one. A guardrail relaxation that admits previously-blocked categories is one. A persona shift that changes the agent's tone in regulated communications is one. Each triggers a fresh inventory entry, a fresh validation pass, and a fresh documentation snapshot.

Second, when does a retrieval policy change require re-validation. The retrieval corpus is part of the model under SR 26-2. A new document set ingested into the corpus, or a similarity threshold tuned more permissive, or a rerank logic swapped in, all read as model changes. Banks that operated retrieval-augmented agents in 2025 without inventory rows are the population at highest risk in 2026 examination cycles.

Third, when does a foundation-model swap reset the clock. A swap from one provider's frontier model to another, or to a newer version of the same model, is a substantial change without exception. § V.A.5 directs validation to repeat. § III.B (4) directs documentation to be re-issued. § IV.A directs the inventory entry to be updated. Recent OCC examination cycles (2024-2025) have flagged AI agents as ungovernanced models in MRA/MRIA findings, the cleanest signal that this paragraph is being read with force.

The Warrant trace.metadata.model_inventory_id field is the per-decision binding to the inventory row. Each decision the agent issues carries the inventory identifier of the model version that produced it. An examiner pulling a single decision walks back from trace through inventory_id to model card and active validation. The walk takes seconds. The same walk for a bank that does not bind decisions to inventory rows takes weeks of internal investigation, often producing a partial answer, which is itself the gap finding.

08 · ENFORCEMENT SIGNAL

Recent enforcement signal.

The four pillars are read with force. Two recent enforcement signals frame the 2026 examination cycle.

Wells Fargo, September 2024. The OCC partially terminated a 2018 consent order tied to model risk failures across consumer auto, mortgage, and deposit decisioning. The civil money penalty package across the multi-year action exceeded USD 3 billion. The original consent order cited SR 11-7 § III.B failures repeatedly, with the most-cited paragraphs being § V.A.5 (ongoing validation) and § III.B (4) (comprehensive documentation). The September 2024 partial release acknowledged remediation; remaining components stayed open. The pattern is precedent: model risk failures compound across business lines, the supervisor enforces against the enterprise, and the fine is ordered in billions, not millions.

Citigroup, November 2024. The Federal Reserve and OCC renewed a 2020 consent order, with USD 400 million in civil money penalties tied to enterprise risk management failures including model risk components. The order text cited significant ongoing deficiencies in enterprise-wide risk management, including model risk management. Remediation milestones extended into 2027. The order is a live exposure for AI agents deployed in 2024-2026: each new agent that lacks SR 11-7 evidence is, by the supervisor's read, additional deficiency under an existing live order.

The OCC Annual Report 2025 risk perspective named generative AI in lending decisioning as a heightened-risk activity. The corresponding semiannual risk perspective, published Q1 2026, expanded the named activities to include AI-driven fraud screening, AML transaction monitoring, and customer suitability assessments. The 2026 examination cycle is, in the supervisor's own words, model-risk-heavy. Banks running agentic AI in any of the named activity types should expect SR 26-2 to be cited in MRA or MRIA findings within twelve months of the agent going into production.

Smaller actions follow the same template. Multiple OCC and Federal Reserve cease-and-desist orders against community and regional banks during 2023-2025 cited § III.B effective-challenge gaps as the primary finding. The settlement sums are smaller; the model risk paragraphs are identical. Counsel reviewing this page should treat the four pillars as the supervisor's first read on any AI agent in a regulated decisioning role.

09 · FIELD MAPPING

Where Warrant maps SR 11-7.

The mapping below names each operative SR 11-7 obligation and the Warrant evidence field that satisfies it. This is the table an OCC or Federal Reserve examiner reads against the evidence package on horizontal review.

SR 11-7 clause	What AI must evidence	Warrant evidence field
§ III.B.1 governance	Board-policy adherence per decision	trace.actions[].policy_engagement
§ III.B.2 development	Dev-time documentation per agent change	classification.dev_provenance
§ III.B.3 validation	Independent eval results per cohort	regulator_evidence.eval_suite_signature
§ III.B.4 documentation	Per-decision rationale and uncertainty	trace.actions[].decision_rationale
§ IV.A inventory	Model identifier and version per trace	trace.metadata.model_inventory_id
§ V.A use	Use-context check per decision	assess.use_context_in_scope

§ III.B.1

Governance · board-policy adherence per decision. FIELD · trace.actions[*].policy_engagement (policy_id, version, applicability, deviation_flag) bound to the active board-approved policy version at decision time.

§ III.B.2

Development · dev-time documentation per agent change. FIELD · classification.dev_provenance (foundation_model_version, prompt_template_hash, tool_registry_hash, retrieval_policy_id, dev_test_record_id) carried in every evidence package.

§ III.B.3

Validation · independent eval results per cohort. FIELD · regulator_evidence.eval_suite_signature (canonical-trace eval pass/fail, calibration curve, sensitivity matrix) attributed to the validator as a party distinct from the officer who issues decisions.

§ III.B.4

Documentation · per-decision rationale and uncertainty. FIELD · trace.actions[*].decision_rationale (chain-of-reasoning, alternatives_considered, confidence, uncertainty_flag) preserved as the audit-trail leg of comprehensive documentation.

§ IV.A

Inventory · model identifier and version per trace. FIELD · trace.metadata.model_inventory_id (named row in the bank's MRM inventory) plus model_version_id (foundation + agent composition lineage). One walk from decision to inventory.

§ V.A

Use · use-context check per decision. FIELD · assess.use_context_in_scope (boolean: was the decision within the model's documented intended use). Flags scope creep at decision time, not at quarterly review.

Sample US evidence package · Northcentral Trust Bank small-business underwriting agentINDEPENDENTLY VERIFIABLE · MAPPED TO SR 11-7

→ /samples/us-fintech.pdf

10 · REPRODUCIBILITY CLOCK

The comprehensive-documentation clock.

SR 11-7 § III.A.5 sets the third-party replicability standard: documentation must allow a knowledgeable third party (an examiner) to reproduce the model's reasoning. For deterministic models the standard is mechanical. For AI agents, the standard meets a hard problem: the model is stochastic, sampling from a distribution at each token, and a literal replay of the same prompt against the same foundation model can produce a different output.

Three layers solve the reproducibility clock together. The deterministic eval suite runs canonical traces with fixed seeds and recorded responses; the suite is the model's behavioural baseline at the version under examination. A trace that is independently verifiable without contacting Warrant binds the actual production decision (input, model version, sampled output), so replay is verification of what the model did, not re-execution of what the model would do. The record is fixed so it verifies the same way across regenerations. The combination is what an examiner reads against the third-party replicability standard.

The companion note at /blog/four-layer-evidence-stack sets out the construction in full. The record is independently verifiable without contacting Warrant, and it fixes the decision in time: the timestamp is the regulator-readable placement of the decision; the record is the regulator-readable attestation. The combination is the only construction that survives a fifteen-year retention horizon, which is the lower bound a bank needs because MDR-equivalent retention is fifteen years for implantable devices and bank decisions on insurance products often inherit the longer floor.

An examiner asking can you reproduce the model's reasoning on this decision is asking the third-party replicability question. The bank that answers here is the trace, it is independently verifiable without contacting Warrant, the record places the decision at a fixed point in time, the eval suite at this version produced this calibration profile is answering at the standard SR 11-7 sets. The bank that answers with a screenshot or a quarterly aggregate is producing the gap finding.

11 · US REGULATORY MAP

Where SR 11-7 + SR 26-2 fit in the wider US map.

SR 11-7 does not run alone. The same AI agent inside the same US bank is read against an overlapping set of regimes, each from a different supervisor.

NYDFS Part 500 (23 NYCRR § 500). State regulator. Cybersecurity and audit-trail rule for any institution licensed by the New York Department of Financial Services. § 500.6 requires the regulated entity to maintain audit trails sufficient to detect and respond to cybersecurity events affecting non-public information. AI agents acting on customer data are in scope. The audit trail satisfying SR 11-7 § III.B (4) also satisfies Part 500 § 500.6 when the trace records the agent's interactions with non-public information.

CFPB AI guidance. Federal consumer protection regulator. Circular 2022-03 on adverse action notices required specificity in reason codes for credit denials, including denials produced by complex models. 2023 guidance on chatbots required appropriate human escalation paths and clear disclosure when a customer is interacting with an AI. 2025 guidance on automated underwriting reaffirmed ECOA and FCRA application to AI-driven decisioning. The four pillars of SR 11-7 do not exhaust the CFPB obligations, but the same per-decision audit trail satisfies the documentation leg of both regimes.

OCC Bulletin 2023-17 (third-party risk for AI). The June 2023 Interagency Guidance on Third-Party Relationships, jointly issued by the Federal Reserve, OCC, and FDIC, requires the bank to apply MRM-equivalent oversight to third-party models that drive bank decisions. SR 25-1 (April 2025) confirmed the read for AI agents specifically. The fintech that wants to scale BaaS deployments treats SR 11-7 evidence as the operative artefact whether or not the fintech is itself a chartered bank. The bank is the supervised entity; the bank's MRM framework reads through to the fintech's models; the Warrant evidence package satisfies the bank's pass-through obligation.

The Warrant evidence package satisfies all four overlapping regimes simultaneously. The argument is set out in full at /blog/one-agent-many-jurisdictions. One AI agent. One evidence shape. Four US supervisors reading the same artefact against four different paragraphs of four different regimes. The artefact economy is the point.

12 · FAQ

Questions a CRO and OCC examiner ask first.

Does SR 11-7 apply to my fintech if i am not a bank?

Not directly. SR 11-7 binds bank holding companies, state member banks, US branches and agencies of foreign banking organisations, and other Federal Reserve, OCC, or FDIC supervised institutions. A non-bank fintech outside that perimeter is not directly bound. But where a bank partner is the chartered entity (BaaS, sponsor-bank, deposit network), the bank's model risk management framework reads through to the fintech's models under the Interagency Guidance on Third-Party Relationships (June 2023, Fed/OCC/FDIC) and SR 25-1. The supervisor reads the chain irrespective of who deploys the model.

What counts as a model under SR 11-7?

SR 11-7 § II defines a model as a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, or assumptions to process input data into quantitative estimates. The definition is intentionally wide. Under SR 26-2 the Federal Reserve confirmed that ML systems, decision trees, gradient boosters, neural networks, and large language models that produce decisions or recommendations all fall within the model definition. The OCC Comptroller's Handbook treats the definition as use-driven: if the output drives a bank decision, the artefact is a model.

Is an LLM a model or a tool?

Under SR 26-2 a large language model used to produce or shape a bank decision is a model. A general-purpose LLM used only for internal text drafting (summarising emails, formatting reports) without a decisioning role can be argued as a tool. The cleavage is whether the output flows into a credit, fraud, AML, suitability, or pricing decision. If yes, the four pillars attach; if no, the bank should still document the boundary so an examiner can find it.

How does SR 11-7 differ from CFPB AI guidance?

SR 11-7 is prudential model risk guidance applied through bank supervision. CFPB AI guidance (Circular 2022-03 on adverse action notices, 2023 guidance on chatbots, 2025 guidance on automated underwriting) is consumer protection guidance applied through enforcement under ECOA, FCRA, and the CFPA. The two run in parallel: an AI agent in a credit decision is in scope for SR 11-7 documentation and for CFPB adverse-action specificity. The Warrant evidence package is a record mapped to a specific regulatory obligation, satisfying both at the per-decision layer.

What does effective challenge mean for an AI agent?

SR 11-7 § V.B defines effective challenge as critical analysis by objective, qualified individuals who can identify model limitations and assumptions. For an AI agent, SR 26-2 expanded the operative reading to include alternatives-considered logging at runtime, not just at validation. The agent that emits one path through one tool with no record of the alternatives it weighed and discarded is the gap finding. The Warrant trace.actions[*].alternative_paths_considered field is the answer the examiner reads at horizontal review.

Can i rely on the foundation-model vendor system card for development documentation?

Partly. The vendor system card satisfies the foundation-model lineage component of § III.B development standards. It does not satisfy the bank's own development documentation: the agent's tool selection logic, prompt template, retrieval policy, scope of use, and limitations are bank artefacts and have to be documented at the bank. The OCC has historically read vendor model cards as necessary but not sufficient under § III.A, treating the integrating bank as the responsible model owner.

What is the trigger for re-validation of a deployed AI?

SR 11-7 § V.A.5 directs validation activities to continue on an ongoing basis after a model goes into use. Triggers under § V.A.5 include changes to the underlying model, changes to applications of the model, significant deterioration in performance, and changes in the population. Under SR 26-2 a foundation-model swap (a frontier model upgrade to a newer version, or a switch between providers), a prompt-template rewrite that broadens the use case, or a retrieval-corpus change that introduces new domains all read as triggers. Banks set the threshold per their MRM policy; examiners read the policy and the actual cadence against it.

How does SR 26-2 change my obligations versus SR 11-7 alone?

SR 26-2 carries the four pillars forward verbatim. The change is scope-explicit: agentic AI, LLM-driven decisioning, and retrieval-augmented systems are named as material models. Effective challenge expanded to include alternatives-considered logging at runtime. The OCC Comptroller's Handbook is referenced for examiner methodology. Practical effect: an AI agent that lacked a model inventory entry under SR 11-7 alone could be argued as out of scope; under SR 26-2 the same agent is named explicitly. The unmapped AI deployment is the next examination cycle's most likely MRA finding.

13 · READ THE SOURCE

Read the source directly.

Authored by Warrant Compliance, the regulatory-analysis function at Warrant. [email protected]. Editorial commentary on regulatory text. Not legal advice. Verbatim quotations of SR 11-7 reflect the official text of the Federal Reserve Supervisory Letter SR 11-7 dated April 4, 2011, carried forward in SR 26-2. The OCC Bulletin 2011-12 and FDIC FIL-22-2017 reproduce the same text under their respective supervisory authorities.

SR 11-7 + SR 26-2, line by line.