OSFI Guideline E-23 — Model Risk Management
OSFI Guideline E-23 — Model Risk Management
OSFI Guideline E-23 — Model Risk Management — 81% covered.
4 requirements · 3 enforced · 0 designed · 1 advisory · 0 deferred.
Source: Office of the Superintendent of Financial Institutions, Guideline E-23 Model Risk Management (revised final, effective 1 May 2027). Enterprise-wide model risk management across the model lifecycle: model inventory + risk rating, development and validation with independent challenge, ongoing monitoring, and clear roles and accountability — with the model definition expanded to capture AI/ML methods.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Model inventory + risk rating | 1 | 1 | 0 | 0 | 0 | 100% |
| Development + independent validation | 1 | 0 | 0 | 1 | 0 | 25% |
| Ongoing monitoring | 1 | 1 | 0 | 0 | 0 | 100% |
| Roles + accountability | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
osfi-e-23.inventory |
Model inventory + risk rating: maintain an enterprise-wide inventory of models, including AI/ML methods, each assigned a model-risk rating | enforced | audit_events: kye.risk.authority_register.v1, kye.assurance.risk_assessment.v1engines: internal, internalconstitution_refs: constitution/51-NO-SPOF.md, constitution/14-AGENTS-AND-ENGINES.md |
osfi-e-23.validation |
Development + validation: subject models to independent validation and effective challenge proportionate to their risk rating before and during use | advisory | audit_events: kye.evidence.decision_map.v1, kye.replay.proof.v1engines: internal, internalrule_packs: kye:rule-pack:investment-decision-authorityconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
osfi-e-23.monitoring |
Ongoing monitoring: monitor model performance and limitations on a continuing basis and act on material deterioration | enforced | audit_events: kye.assurance.risk_assessment.v1, kye.purpose.admissibility.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
osfi-e-23.accountability |
Roles + accountability: establish clear roles, responsibilities and accountability across the model lifecycle | enforced | audit_events: kye.compliance.attestation.v1, kye.evidence.decision_map.v1engines: internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/21-DELEGATED-AUDITABILITY.md |