PRA SS1/23 — Model Risk Management Principles for Banks
PRA SS1/23 — Model Risk Management Principles for Banks — 83% covered.
6 requirements · 5 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Bank of England Prudential Regulation Authority Supervisory Statement SS1/23 sets five model risk management principles for banks: Principle 1 — model identification and model risk classification (a complete model inventory); Principle 2 — governance (board responsibility and a named SMF accountable for the MRM framework); Principle 3 — model development, implementation and use; Principle 4 — independent model validation; Principle 5 — model risk mitigants (restrictions on use, post-model adjustments, exception handling). SS1/23 explicitly brings AI/ML models — including dynamically recalibrating models — within scope. KYE Protocol™ governs whether a model-driven output may PROCEED to a consequential decision — register-resolved, validated, in approved scope, under a recorded named authority, with model changes as named-authority decisions with evidence and declared use-restrictions enforced at the action boundary. KYE does not develop or validate models, judge model quality, or perform the quantitative work. · License: SS1/23 is published by the Bank of England PRA and is publicly available; the KYE registry paraphrases each principle's intent and cites the official principle identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Model identification & inventory resolution (Principle 1) | 1 | 1 | 0 | 0 | 0 | 100% |
| Governance & named SMF accountability (Principle 2) | 1 | 1 | 0 | 0 | 0 | 100% |
| Model development, implementation & use incl. AI/ML (Principle 3) | 1 | 1 | 0 | 0 | 0 | 100% |
| Validation-status binding at the moment of use (Principle 4) | 1 | 1 | 0 | 0 | 0 | 100% |
| Model risk mitigants & restrictions on use (Principle 5) | 1 | 1 | 0 | 0 | 0 | 100% |
| Independent validation judgment & quantitative work on the merits | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
pra-ss1-23.principle1-model-inventory-resolution |
Principle 1 — every consequential model use resolves against a complete model inventory entry (identification & risk classification) | enforced | audit_events: kye.evidence.tool_call.v1, kye.replay.context_seal.v1, kye.evidence.pack.v1engines: internal, internalrule_packs: kye:rule-pack:model-risk-data-governancedictionaries: internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
pra-ss1-23.principle2-governance-named-authority |
Principle 2 — governance: model decisions proceed under recorded, named (SMF-accountable) authority | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:model-risk-data-governanceconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
pra-ss1-23.principle3-development-implementation-use |
Principle 3 — model development, implementation and use (incl. explicit AI/ML scope): use stays within approved scope at the action boundary | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1, kye.evidence.pack.v1engines: internal, internal, internalrule_packs: kye:rule-pack:model-risk-data-governanceconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/25-EDGE-GOVERNANCE.md |
pra-ss1-23.principle4-validation-status-binding |
Principle 4 — independent validation: the validation outcome and revalidation status are bound to every use at the moment of use | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.pack.v1, kye.replay.context_seal.v1engines: internal, internalrule_packs: kye:rule-pack:model-risk-data-governanceconstitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
pra-ss1-23.principle5-mitigants-restrictions |
Principle 5 — model risk mitigants: declared restrictions on use and exception handling enforced at the action boundary | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:model-risk-data-governanceconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/25-EDGE-GOVERNANCE.md |
pra-ss1-23.independent-validation-judgment |
Independent validation judgment, model quality assessment, and the quantitative work on the merits | out-of-scope | (no enforcement cited) |