Updated Model Risk Management Guidance for OCC-Supervised Institutions
Summary
The OCC, in coordination with the Federal Reserve Board and FDIC, issued updated model risk management guidance for OCC-supervised institutions, rescinding three prior OCC bulletins and the Model Risk Management booklet of the Comptroller's Handbook. The guidance is non-enforceable and establishes risk-based, tailored principles commensurate with an institution's size and complexity. It applies most directly to banking organizations with over $30 billion in total assets and explicitly excludes generative AI and agentic AI models from its scope.
What changed
The OCC updated its model risk management guidance, replacing OCC Bulletin 2011-12, OCC Bulletin 2021-19, OCC Bulletin 1997-24, and the Model Risk Management booklet of the Comptroller's Handbook. The updated guidance emphasizes that model risk management should be risk-based, tailored, and commensurate with an institution's size, complexity, and extent of model use. The guidance highlights sound principles for effective model development, use, validation, monitoring, and governance, and also addresses vendor and third-party products.
Affected banking organizations, particularly those with over $30 billion in total assets, should note that this guidance is explicitly non-enforceable and non-compliance will not result in supervisory criticism. Institutions with significant model risk exposure should review the updated guidance even if below the asset threshold. Organizations utilizing vendor or third-party models should pay particular attention to the validation considerations discussed. A future interagency request for information on AI, including generative AI and agentic AI, is planned.
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
News Release 2026-29 | April 17, 2026
OCC Issues Updated Model Risk Management Guidance
Share This Page:
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today, in coordination with the Board of Governors of the Federal Reserve System (Federal Reserve Board) and the Federal Deposit Insurance Corporation (FDIC), issued updated model risk management guidance for OCC-supervised institutions. These actions build upon the OCC’s ongoing efforts to tailor its supervisory framework to reduce unnecessary burden and promote risk-based examination across institutions of all sizes.
The updated guidance serves in part to rescind prior model risk management guidance and other issuances and to clarify that model risk management practices should be risk-based, tailored, and commensurate with a banking organization’s size, complexity, and extent of model use. The guidance does not set forth enforceable standards or prescriptive requirements, and non-compliance will not result in supervisory criticism.
This guidance highlights sound principles for effective model risk management. In particular, the guidance discusses the factors that influence model risk and the features of effective model development and model use; model validation and monitoring; and governance and controls. The guidance also discusses considerations specific to vendor and other third-party products, including validation of these products.
The updated guidance is expected to be most relevant to banking organizations with over $30 billion in total assets. However, the guidance may also be relevant to smaller institutions with significant model risk exposure due, for instance, to the prevalence and complexity of their models. In addition, generative AI and agentic AI models are novel and rapidly evolving. As such, they are not within the scope of this guidance.
The OCC is rescinding prior model risk management issuances, including OCC Bulletin 2011-12, “Supervisory Guidance on Model Risk Management,” OCC Bulletin 2021-19, “Bank Secrecy Act/Anti-Money Laundering: Interagency Statement on Model Risk Management for Bank Systems Supporting BSA/AML Compliance and Request for Information,” and OCC Bulletin 1997-24, “Credit Scoring Models: Examination Guidance,” including the Appendix, “Safety and Soundness and Compliance Issues on Credit Scoring Models,” as well as the “Model Risk Management” booklet of the Comptroller’s Handbook. The OCC, Federal Reserve Board, and FDIC plan to issue in the near future a request for information that addresses model risk management generally and considers, in particular, banks’ use of AI, including generative AI and agentic AI and AI-based models.
Related Link
Media Contact
Stephanie Collins
(202) 649-6870
Topic(s):
Related changes
Get daily alerts for OCC News RSS
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from OCC.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when OCC News RSS publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.