← Frameworks / Model Risk Management

PRA Supervisory Statement SS1/23 — Model Risk Management

UK Prudential Regulation Authority supervisory statement setting expectations for model risk management at banks, building societies, and PRA-designated investment firms. 5 principles covering model identification and classification, governance (board accountability, model risk committee, independent validation), model development and implementation (documentation, testing, performance monitoring), model use and ongoing monitoring, and risk mitigation and reporting. Effective 17 May 2024 with proportionate application.

Clauses: 26

Avg Coverage: 44.0%

Publisher: Prudential Regulation Authority (PRA) Version: 2023 (effective 2024)

PRA SS1/23 → SP 800-53 SP 800-53 → PRA SS1/23 Coverage Analysis

Clause	Title	SP 800-53 Controls
P-IT.1	Access controls on model code, parameters, and execution environments	AC-01 AC-02 AC-03 AC-05 AC-06 AC-17 AC-24 IA-02 IA-04 IA-05
P-IT.2	Audit trails of model runs, parameter changes, and approvals	AU-01 AU-02 AU-03 AU-06 AU-07 AU-08 AU-09 AU-10 AU-11 AU-12 AU-14
P-IT.3	IT infrastructure supporting model execution environments	CM-02 CM-06 CM-08 CP-02 CP-07 CP-09 CP-10 SC-02 SC-07 SC-28 PE-01 PE-02 PE-03
P1.1	Model identification and model inventory	CM-08 CM-12 CM-13 PM-05 RA-02 RA-09 PL-02
P1.2	Model risk classification and tiering	RA-02 RA-03 RA-09 PM-09 PM-11
P1.3	Scope and definition of models subject to MRM framework	PM-11 PL-02 PL-08 CM-08 SA-04
P2.1	Board and senior management accountability for MRM	PM-01 PM-02 PM-03 PM-09 PM-13 PM-29 PL-01 PS-01
P2.2	Three lines of defence for model risk management	AC-05 PM-01 PM-02 PM-10 CA-01 CA-02 CA-06 PS-02 PS-07
P2.3	MRM policy, standards, and procedures	PL-01 PL-02 PL-04 PM-01 PM-10 PM-14 AT-01 AT-02 AT-03
P2.4	Roles and responsibilities — model owners, developers, validators, users	PS-01 PS-02 PS-03 PS-06 PS-07 PS-09 AC-02 AC-05 AC-06
P3.1	Model development standards and documentation	SA-03 SA-05 SA-08 SA-10 SA-15 SA-17 PL-08 CM-01
P3.2	Data quality and integrity for model inputs	SI-01 SI-06 SI-07 SI-10 SI-11 SI-12 SI-15 CM-12 CM-13 AU-02 AU-03 AU-10
P3.3	Model implementation controls — code review, testing, version control	SA-10 SA-11 SA-15 SA-16 CM-02 CM-03 CM-04 CM-05 CM-06 CM-09 AC-03 AC-06 AU-12
P3.4	Model change management	CM-03 CM-04 CM-05 CM-09 SA-10 CA-06 AU-02 AU-06 AU-12
P3.5	Model limitations and assumptions documentation	SA-05 SA-17 PL-02 RA-03 PM-09
P3.6	Model use — ensuring models used within intended purpose	PL-04 AT-02 AT-03 AC-03 AC-06 PM-11 AU-06
P4.1	Independent model validation — scope, frequency, and depth	CA-02 CA-07 CA-01 AC-05 PM-14
P4.2	Challenger models and benchmarking	CA-02 SA-11 CA-08
P4.3	Validation of model inputs, processing, and outputs	SI-06 SI-07 SI-10 SA-11 AU-02 AU-03
P4.4	Post-model adjustments and expert overlays governance	AU-02 AU-03 AU-10 CM-03 AC-06
P4.5	Validation findings tracking and remediation	CA-05 PM-04 PM-06 RA-07 AU-06
P5.1	Compensating controls for model limitations	PM-09 RA-03 RA-07 CA-05 PL-02 PL-10 PL-11
P5.2	Model performance monitoring — backtesting and outcome analysis	CA-07 SI-04 SI-06 PM-06 PM-14 AU-06
P5.3	Escalation and early warning indicators	IR-01 IR-04 IR-06 SI-04 SI-05 AU-05 PM-14
P5.4	Stress testing of models	CP-04 RA-03 PM-09 CA-08
P5.5	Model retirement and decommissioning	CM-03 CM-08 SA-03 AU-11 SI-12 MP-06