Basel Governance Hub — model authority & risk-data lineage, provable on demand.
Three banking-supervision regimes converge on one question: can you prove it? Which exact model version produced the number (Fed SR 11-7, PRA SS1/23), and can the risk report’s data lineage be reconstructed end-to-end (BCBS 239)? This hub maps all 14 BCBS 239 principles to the KYE™ artefact, event family, and verification gate that binds each — honest tri-state, out-of-scope rows included — shows the SR 11-7 / SS1/23 model-authority lifecycle step by step, and lets you run a live risk-report lineage proof with a real SHA-256 computed in your browser.
Per-requirement registers: BCBS 239 · Fed SR 11-7 · PRA SS1/23. Productised as the KYE Model & Risk-Data Governance Pack™.
BCBS 239 — all 14 principles, one row each
Honest tri-state: Enforced rows cite the runtime artefact, the evidence events, and the verification gate that bind them. Out of scope rows name who owns the obligation instead — coverage is never inflated. The bank’s data estate, the report’s substance, and the supervisor-addressed principles stay honestly outside an AI-authority and evidence layer.
| Principle | Status | KYE™ artefact | Event family | Verification gate |
|---|---|---|---|---|
P1 Governance | Enforced | Named-authority decision on every report filing (Authority Gate + Decision Map™) | kye.purpose.request.v1 · kye.purpose.admissibility.v1 · kye.evidence.decision_map.v1 | self-governance-coverage |
P2 Data architecture & IT infrastructure | Out of scope — bank | The data warehouses, golden sources, and integration estate are the bank’s own data and technology function | — | — |
P3 Accuracy & integrity | Enforced | Risk-report data-lineage evidence chain — sources, transformations with actor + timestamp, integrity hash (Evidence Pack™) | kye.evidence.decision_map.v1 · kye.evidence.pack.v1 · kye.replay.context_seal.v1 | audit-chain-emission-coverage |
P4 Completeness | Enforced | Lineage enumeration of every source, book, and entity aggregated — omissions visible, exclusions recorded with basis | kye.evidence.decision_map.v1 · kye.evidence.pack.v1 | audit-chain-emission-coverage |
P5 Timeliness | Out of scope — bank | Crisis-speed aggregation capability is a property of the bank’s data architecture and operations | — | — |
P6 Adaptability | Enforced | Deterministic replay of the sealed lineage chain answers ad hoc supervisory drill-downs — same bytes, offline-verifiable (Replay-Proof™) | kye.replay.context_seal.v1 · kye.replay.proof.v1 · kye.evidence.pack.v1 | audit-chain-emission-coverage |
P7 Reporting accuracy | Enforced | Provenance pin on every embedded model output — model_id + version + validation reference — plus the report’s integrity hash | kye.evidence.tool_call.v1 · kye.evidence.pack.v1 · kye.replay.context_seal.v1 | audit-chain-emission-coverage |
P8 Comprehensiveness | Out of scope — bank | Judging which risks are material and whether the report covers them is the bank’s risk function’s own judgment | — | — |
P9 Clarity & usefulness | Out of scope — bank | The report’s editorial quality is the bank’s reporting function’s own craft | — | — |
P10 Frequency | Enforced | Sealed, WORM-retained production timestamps make the achieved cadence a deterministic query, not an assertion | kye.evidence.pack.v1 · kye.replay.context_seal.v1 | audit-chain-emission-coverage |
P11 Distribution | Enforced | Each distribution recorded as evidence — report hash, recipients, timestamp, distributing authority | kye.evidence.decision_map.v1 · kye.evidence.pack.v1 | audit-chain-emission-coverage |
P12 Supervisory review | Out of scope — supervisor | Addressed to supervisors; the sealed evidence chains support the bank’s side of the review | — | — |
P13 Remedial actions & measures | Out of scope — supervisor | Choosing and applying supervisory measures is the supervisor’s function; the remediation programme is the bank’s | — | — |
P14 Home / host cooperation | Out of scope — supervisor | Regulator-to-regulator cooperation sits entirely outside the bank’s systems | — | — |
7 of 14 principles carry an engine-backed enforced binding; 7 are honestly out of scope with the owning role named. Full per-requirement register at /compliance/bcbs-239.html.
SR 11-7 / SS1/23 — the model-authority lifecycle
Fed SR 11-7 and PRA SS1/23 (Principles 1–5, explicitly including AI/ML models) govern the model lifecycle. KYE™ binds the authority and evidence at each step — the quantitative work at every step stays the bank’s own.
| Lifecycle step | Whose authority | KYE™ binding & evidence |
|---|---|---|
| Develop | Bank’s quant / model-development team | Out of scope for KYE™ — the build, the mathematics, and the data science are the bank’s own. The model enters governance when it is registered: a model register entry (identifier, owner, intended scope) becomes the authority-bearing record every later step resolves against (SS1/23 Principle 1). |
| Validate | Bank’s independent validation function | The validation judgment is out of scope — KYE™ binds its OUTCOME: the validation reference (which validation, by whom, valid until) is recorded on the register entry and sealed into evidence, so every later reliance can prove the validation that was in force (SR 11-7 §V; SS1/23 Principle 4). Events: kye.evidence.decision_map.v1 · kye.evidence.pack.v1. |
| Approve | Named model owner / model risk officer (SMF-accountable under SS1/23) | Approval of the model and its scope of use is a recorded named-authority decision — the approver, the approved scope, the conditions. The accountability stays personal and named; it does not transfer to the model. Events: kye.purpose.request.v1 · kye.purpose.admissibility.v1 · kye.evidence.decision_map.v1. Gate: self-governance-coverage. |
| Use | Named authority per consequential decision | A model-driven output proceeds to a consequential decision only when the register resolves: current validated status + use within approved scope + a provenance pin (model_id + exact version + validation reference) on the decision. An untraceable or out-of-scope output is refused with model_use_authority_block / model_decision_provenance_pin_block. Events: kye.evidence.tool_call.v1 · kye.replay.context_seal.v1 · kye.evidence.pack.v1. Gate: audit-chain-emission-coverage. |
| Change | Named model owner / model risk officer | A re-estimation, recalibration, AI/ML retrain, or production swap takes effect only as a recorded named-authority decision — from/to versions, rationale, revalidation outcome or interim-use restriction. The silent recalibration is refused with model_change_authority_block (SR 11-7 §VI; SS1/23 Principles 2 & 3). Events: kye.purpose.request.v1 · kye.evidence.decision_map.v1 · kye.evidence.pack.v1. |
Per-requirement registers: /compliance/fed-sr-11-7.html · /compliance/pra-ss1-23.html.
Live demo — risk-report lineage proof
A sample board credit-risk report from a fictional bank (Acme Capital Group; its largest counterparty, Globex Industrial Holdings — both fictional). The page assembles the report’s lineage evidence chain — sources, transformations, embedded model outputs — and seals it with a real SHA-256 over canonical JSON, computed in your browser. Then tamper with the headline figure and re-verify: the recomputed hash no longer matches the seal, and the filing is refused.
Lineage evidence chain
Sealed lineage hash
computing…
Evidence pack (canonical JSON is what gets hashed)
Honest scope. KYE Protocol™ proves the authority and lineage of the model-driven work — it does not build or validate the quantitative models, compute capital or liquidity ratios, judge model quality, or advise on portfolio composition. The sample figures above are fictional demonstration data, not financial analysis and not investment advice.