Agencies Issue Revised Model Risk Management Guidance
Summary
The FDIC, OCC, and Federal Reserve jointly issued revised model risk management guidance for banking organizations. The guidance clarifies that model risk management should be tailored to the size, complexity, and model risk profile of each organization, covering model development and use, validation, monitoring, governance, and third-party/vendor product considerations. The agencies explicitly state the guidance does not create enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism. FDIC simultaneously rescinded two prior guidance letters: FIL-22-2017 and FIL-27-2021.
“The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism.”
Banking organizations that rely on models for material business decisions—including credit decisioning, liquidity stress testing, fraud detection, and compliance functions—should compare their current model risk governance against the revised principles, particularly around third-party model validation and ongoing monitoring. Even though the guidance explicitly disclaims enforceability, it reflects the agencies' current supervisory expectations and may inform examination priorities.
What changed
The agencies updated their model risk management guidance, replacing prior supervisory expectations with a principles-based framework. Key changes include explicit recognition that model risk management requirements should scale with each banking organization's characteristics, expanded discussion of third-party and vendor model considerations, and consolidated governance standards. The guidance explicitly disclaims enforceability, clarifying it does not establish prescriptive requirements.
Banking organizations with model risk profiles—including banks using models for credit underwriting, risk scoring, stress testing, or BSA/AML compliance—should review their model risk governance frameworks against the revised principles. While non-compliance carries no supervisory consequences, the guidance reflects current supervisory expectations and may inform future examination findings.
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Press Release: Agencies Issue Revised Model Risk Guidance
FDIC Subscriptions sent this bulletin at 04/17/2026 03:39 PM EDT
| # PRESS RELEASE | APRIL 17, 2026 |
| # Agencies Issue Revised Model Risk Guidance |
| WASHINGTON – The Federal Deposit Insurance Corporation (FDIC), along with the Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System, today issued revised model risk management guidance.
The revised guidance clarifies that model risk management should be tailored commensurately to the size, complexity, and model risk profile of a banking organization. To support banking organizations’ model risk management practices, the revised guidance highlights sound principles for effective model risk management—in particular, by discussing the factors that influence model risk and the features of effective model development and model use; model validation and monitoring; and governance and controls. The revised guidance also discusses considerations specific to vendor and other third-party products, including validation of these products. The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism.
In connection with the release of this guidance, the FDIC is rescinding FIL-22-2017, Adoption of Supervisory Guidance on Model Risk Management, and FIL-27-2021, Bank Secrecy Act: Agencies Address Model Risk Management for Bank Models and Systems Supporting Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Compliance. |
| # # #
ATTACHMENT:
MEDIA CONTACT:
| The FDIC does not send unsolicited email. If this publication has reached you in error, or if you no longer wish to receive this service, please . |
CONNECT WITH US
| # PRESS RELEASE | APRIL 17, 2026 | # Agencies Issue Revised Model Risk Guidance | WASHINGTON – The Federal Deposit Insurance Corporation (FDIC), along with the Office of the Comptroller of the Currency and the Board of Governors of the Federal Reserve System, today issued revised model risk management guidance.
The revised guidance clarifies that model risk management should be tailored commensurately to the size, complexity, and model risk profile of a banking organization. To support banking organizations’ model risk management practices, the revised guidance highlights sound principles for effective model risk management—in particular, by discussing the factors that influence model risk and the features of effective model development and model use; model validation and monitoring; and governance and controls. The revised guidance also discusses considerations specific to vendor and other third-party products, including validation of these products. The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism.
In connection with the release of this guidance, the FDIC is rescinding FIL-22-2017, Adoption of Supervisory Guidance on Model Risk Management, and FIL-27-2021, Bank Secrecy Act: Agencies Address Model Risk Management for Bank Models and Systems Supporting Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Compliance. | # # #
ATTACHMENT:
MEDIA CONTACT:
mediarequests@fdic.gov | The FDIC does not send unsolicited email. If this publication has reached you in error, or if you no longer wish to receive this service, please . |
| # PRESS RELEASE | APRIL 17, 2026 |
| # Agencies Issue Revised Model Risk Guidance |
The revised guidance clarifies that model risk management should be tailored commensurately to the size, complexity, and model risk profile of a banking organization. To support banking organizations’ model risk management practices, the revised guidance highlights sound principles for effective model risk management—in particular, by discussing the factors that influence model risk and the features of effective model development and model use; model validation and monitoring; and governance and controls. The revised guidance also discusses considerations specific to vendor and other third-party products, including validation of these products. The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism.
In connection with the release of this guidance, the FDIC is rescinding FIL-22-2017, Adoption of Supervisory Guidance on Model Risk Management, and FIL-27-2021, Bank Secrecy Act: Agencies Address Model Risk Management for Bank Models and Systems Supporting Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control Compliance. |
| # # #
ATTACHMENT:
MEDIA CONTACT:
| Questions for FDIC? Contact Us
Subscriber Services:
Manage Preferences | | Help |
Related changes
Get daily alerts for FDIC Press Releases RSS
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from FDIC.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when FDIC Press Releases RSS publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.