On April 17, 2026, the Federal Reserve Board (FRB), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) jointly issued revised interagency guidance on model risk management (MRM), formally rescinding the original 2011 guidance, the interagency equivalents and other model risk-related guidance from the three agencies.1 This represents a broader shift toward principles-based, risk-proportionate regulatory expectations across an increasingly diverse and evolving financial services industry. The industry is facing rapid proliferation of generative and agentic artificial intelligence (AI) models, which were intentionally excluded from scope, where regulators committed to issue a forthcoming Request for Information on AI models.

The new guidance provides a risk-based and proportionate framework that enables banking organisations to tailor model risk management practices and reduces situations where regulators will intervene.2 As such, banking organisations are expected to tailor their MRM framework to their size, complexity and the nature of their model use, rather than applying a single prescriptive standard. The agencies have stated that non-compliance with the guidance alone will not trigger supervisory criticism, although supervisory action remains possible where deficiencies rise to the level of legal violations or unsafe or unsound MRM practices. For boards, CROs and CFOs, this shift represents more than a compliance milestone: Banking organisations that implement an effective, risk‑based MRM framework will be better positioned to concentrate on the most material risks while navigating the growing complexity of advanced analytics, machine learning (ML) and AI.