PRA Issues Supervisory Statement SS1/23: Model Risk Management Principles For Banks

PRA Issues Supervisory statement SS1/23: Model Risk management principles for banks - CIMCON Software

3 views

Embed
Email

From

Username or Email (please add comma after each username or email)

Name	Email

Back

Menu 3

Eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo.

Cimcon

Uploaded on Jan 22, 2026

Category Technology

The Prudential Regulatory Authority’s SS1/23 outlines mandatory model risk management principles for UK banks, effective May 2024. This blog breaks down the five core principles, key MRM requirements, and next steps for aligning with the new standards.

Category Technology

Comments

PRA Issues Supervisory statement SS1/23: Model Risk management principles for banks - CIMCON Software
PRA Issues
Supervisory
Statement
SS1/23: Model
Risk
Management
Principles for
Banks
Author: Adrian Maconick, Director of UK
Sales and Marketing
The Prudential Regulatory Authority (PRA) has issued a new supervisory
statement (SS) – “Model risk management principles for banks” in May
2023. It sets out the PRA’s expectations for banks model risk
management (MRM) and is effective from 17 May 2024. Banks will need
to move quicky to have revised MRM processes in place by then.
The SS applies to all regulated UK-incorporated banks, building
societies, and PRA-designated investment firms.
Although most banks have MRM processes in place this is the first time
that the PRA has provided detailed mandatory requirements for MRM.
Even sophisticated banks will need to make changes to ensure their
MRM process is consistent with the SS.
This blog entry summarizes the SS and suggests next steps for
implementing SS1/23.
The document provides a discussion of key model risk ideas such as
the definition of a model and model risk. It then details five core
principles that banks need to follow.
In the background section, the following items are discussed:
Use of models
The relationship between quantitative methods and
model
The nature and consequences of Model risk
MRM and the model
lifecycle
Organisational structures validation and control functions
Core principles
The core principles are:
• Principle 1 – Model identification & model risk classification:
Firms should have a formal definition of a model and maintain a
detailed inventory of models. This should include risk assessment
and detailed documentation such as the purpose of the model, its
assumptions, validation documentation and who is responsible for
the model.
• Principle 2 – Governance: MRM is the responsibility of the board and
they must promote understanding of model risk, set the risk appetite,
receive and challenge regular reports on model risk. The principles clarify
the roles of SMFs who will be closely involved.
There should be detailed policies and procedures and the SS provides a
list of the key ones. Roles and responsibilities must be defined covering
the entire modeling lifecycle.
There are also detailed requirements for internal audit and management of
outsourced models.
• Principle 3 – Model development, implementation and use:
Principle 3 provides detailed guidance on the development of models
including design, use of data such market data, the development
process, model development testing e.g. back testing and model
development documentation. It also defines requirements for model
adjustments especially where expert judgement is required.
• Principle 4 – Independent model validation: Firms are required
to have an independent validation process responsible for
independent review and revalidation of models. This includes process
verification and model performance monitoring.
• Principle 5 – Model risk mitigants: Where models may be under-
performing there should be appropriate policies and procedures. The
document sets out detailed requirements for post-model
adjustments. Where appropriate firms should place restrictions on
models that have deficiencies. There should also be an escalation
process to ensure that stakeholders are aware of issues.
Next steps
Most banks affected by the SS will already have in place a MRM process.
However, they need to make sure that their processes are fully aligned
with the statement.
The PRA expects banks to conduct an initial self-assessment of their current
MRM frameworks so this is a logical place to start. In upcoming blog posts,
we will look at the implementation challenges in more detail.
About Us
Established in 1988, CIMCON Software, LLC is a pioneer in end-user
computing and model risk management, serving over 800 companies
across industries. Recognized by Gartner, Insurance ERM, and others as a
top risk management vendor, CIMCON brings 25+ years of experience and
industry best practices to support AI & GenAI readiness and governance.
With the largest global installed base, our feature-rich, extensively tested
solutions offer unmatched depth, support, and reliability.
Contact Us
Boston (Corporate Office)
+1 (978) 692-9868
234 Littleton Road Westford, MA 01886,
USA
New York
+1 (978) 496 7230
394 Broadway New York, NY 10013
THANK
YOU