PRA Supervisory Statement SS1/23 Model Risk Management Principles for banks¶
| Regulator | Bank of England / PRA |
| Jurisdiction | Global |
| Status | live |
| Applicability | Platform |
The Bank of England Prudential Regulation Authority's Supervisory Statement on Model Risk Management Principles for banks, effective from May 2024. SS1/23 is the most modern and comprehensive single statement of model-risk expectations in any major jurisdiction, and is the first major supervisory text to address AI and machine-learning models explicitly throughout. The platform adopts SS1/23 as an internal build standard alongside SR 11-7.
Five principles¶
Principle 1 — Model identification and model risk classification. Every quantitative method or system used to make decisions must be identified and risk-classified; the definition is deliberately broad to capture ML and AI components.
Principle 2 — Governance. Board and senior-management ownership; clear model risk appetite; defined roles for owner, developer, user, validator.
Principle 3 — Model development, implementation and use. Documentation to reconstruction standard; robust development processes; controls on model use and overrides.
Principle 4 — Independent validation. Planned validation against each stage of the model lifecycle; proportionate to model risk; includes AI/ML-specific requirements for explainability and bias assessment.
Principle 5 — Model risk mitigants. Compensating controls where model risk cannot be eliminated; monitoring and escalation; model exit and decommissioning.
Why this matters for the platform¶
SS1/23 is the most stringent current standard and the natural ceiling to build to. Satisfying SS1/23 means satisfying SR 11-7, APRA, and RBNZ simultaneously, with material headroom. It also covers AI/ML model-specific requirements (explainability, drift, bias) that the other standards do not yet address explicitly — directly relevant to MOD-017, MOD-023, MOD-039, and MOD-055. Building to SS1/23 also positions the platform for the UK and Irish markets from the outset.
Policies referencing this standard¶
Compiled 2026-05-22 from source/entities/regulations/industry-pra-ss1-23.yaml