SR 11-7 for AI agents.
The Fed's 2011 model risk guidance is the most useful AI-agent governance framework that already exists in US banking — because it was already about decisions, not just predictions. Here's how it maps when the model can act.
Published 2026-05-19 · reviewed 2026-05-19 · ~6-min read
The four classic model risk categories — extended
| SR 11-7 category | What it meant (2011) | What it means for agents (2026) |
|---|---|---|
| Methodology error | Wrong math, wrong assumption set | Wrong tool selection, wrong prompt strategy, wrong RAG corpus |
| Implementation error | Code bug, data pipeline bug | Adapter bug, system-prompt drift, schema mismatch |
| Use error | Model used outside its scope | Agent used beyond delegated authority — the canonical authority gap |
| Output error | Bad answer accepted into a decision | Bad answer + bad action — and the action has happened |
| Action error (new) | n/a | The agent did the right thing for the wrong reason / wrong principal / wrong scope. Replay-Proof™ exists because of this category. |
The three-line model
SR 11-7 §VI organises model risk governance into three lines of defence. For AI agents:
- First line — the business unit owning the agent. Designs the workflow, runs it day-to-day, owns the authority bindings.
- Second line — independent model risk management. Reviews methodology, validates outputs, monitors drift, owns the Assurance Card.
- Third line — internal audit. Re-derives decisions from Replay-Proof™ evidence packs. Tests effective challenge.
Effective challenge — the §IV cornerstone — is impossible without reproducible decisions. For non-AI models you could re-run the regression. For agents you need the evidence pack + the spec + the signatures. That's what Replay-Proof™ is.
Documentation expectations
SR 11-7 §V demands documented inventory, ongoing monitoring, change management. For agents the document set extends to:
- Authority lattice — what each agent may do, granted by whom, with what purpose, until when.
- Guard set — the runtime constraints that the agent runs under.
- Shadow-mode baseline — the known-good comparison metric before enforcement.
- Action log — every action taken by the agent, signed, hash-linked.
- Authority-gap report — periodic review of where the agent acted outside its authority and why.
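As an added illustration, not KYE Protocol's own code and not something the page specifies beyond the document set above, here is a small Python model of three of those documents: an authority lattice (what the agent may do, granted by whom, for what purpose, until when), a signed and hash-linked action log, and the authority-gap report derived by checking the verified log against the lattice. The grant fields, the HMAC signing key and the log entries are constructed for the demo.

```python
import hashlib, hmac, json
from datetime import datetime

# Constructed demo key: HMAC stands in for whatever signing scheme a real log would use.
SIGNING_KEY = b"constructed-demo-key"

# Authority lattice: what the agent may do, granted by whom, for what purpose, until when.
AUTHORITY = {
    "agent-ops-1": [
        {"action": "reprice_quote", "granted_by": "head_of_trading",
         "purpose": "intraday_requote", "until": "2026-12-31T23:59:59+00:00"},
    ],
}

def is_authorised(agent, action, purpose, at_iso):
    """True if some grant covers this action and purpose and had not expired at that time."""
    at = datetime.fromisoformat(at_iso)
    return any(g["action"] == action and g["purpose"] == purpose
               and at <= datetime.fromisoformat(g["until"]) for g in AUTHORITY.get(agent, []))

def append_action(log, agent, action, purpose, at_iso):
    """Append a signed, hash-linked entry; the hash covers the previous entry's hash."""
    prev = log[-1]["hash"] if log else "0" * 64
    entry = {"agent": agent, "action": action, "purpose": purpose, "at": at_iso, "prev": prev}
    body = json.dumps(entry, sort_keys=True).encode()
    entry["hash"] = hashlib.sha256(body).hexdigest()
    entry["sig"] = hmac.new(SIGNING_KEY, entry["hash"].encode(), "sha256").hexdigest()
    log.append(entry)
    return entry

def verify_chain(log):
    """Recompute every hash and signature and check that the prev links are intact."""
    expected_prev = "0" * 64
    for e in log:
        body = {k: e[k] for k in ("agent", "action", "purpose", "at", "prev")}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        sig = hmac.new(SIGNING_KEY, digest.encode(), "sha256").hexdigest()
        if e["prev"] != expected_prev or e["hash"] != digest \
                or not hmac.compare_digest(e["sig"], sig):
            return False
        expected_prev = e["hash"]
    return True

def authority_gap_report(log):
    """Entries where the agent acted outside its lattice; refuses to report on a tampered log."""
    if not verify_chain(log):
        raise ValueError("action log fails hash/signature verification")
    return [e for e in log
            if not is_authorised(e["agent"], e["action"], e["purpose"], e["at"])]
```

Because the report is computed from the verified log and the lattice alone, an auditor can re-derive it independently, which is the reproducibility that effective challenge requires.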
How KYE Protocol™ maps
See the SR 11-7 clause-by-clause control mapping. Highlights:
- §III — Model inventory → Entity Engine (every model is a KYEID).
- §IV — Effective challenge → Decision Engine + Replay-Proof™.
- §V — Documentation + change → Operating Model + signed state-transition events.
- §V — Outcomes + monitoring → Drift cascade + Reconciliation Engine.
- §VI — Governance + roles → GovernedUI™ Action Approval (two-person + two-person-with-legal).