Resource · SR 11-7 + AI for Community Banks
SR 11-7 model risk management for community banks using AI — what examiners now expect.
FRB SR 11-7 was written in 2011 for traditional statistical models. The 2024-2026 FFIEC, OCC, FDIC, and CFPB guidance update has made it explicitly applicable to foundation models, vendor LLMs, and AI-augmented credit, BSA/AML, fraud, and customer-service systems — without rewriting the framework. This page translates SR 11-7 to AI at a $1-10B AUM US community bank or community-bank-aligned credit union: the four pillars, eight failure modes, a sample tiered model inventory, validation expectations by tier, the 90-day runbook, and the eight examiner questions you should be ready to answer.
Law firms and Big 4 write the memo. The MSSP runs the controls. EFROS operates the AI Governance program inside the bank — inventory, tier classification, output-based validation, fair-lending testing, drift monitoring, and the examiner exhibit package — under one accountable SLA.
The framework, translated
What SR 11-7 actually requires when the model is a foundation model
FRB SR 11-7 defines model risk as the risk of adverse consequences from decisions based on incorrect or misused model output. The 2011 framework was written for traditional statistical models — logistic regression credit scorecards, rules-based BSA/AML monitoring, parametric stress testing. When the model is a foundation model the bank did not train, the framework does not change — but each of the four pillars requires a translation.
The four pillars below are the SR 11-7 §III-V structure with the AI-specific translation an examiner now expects.
Model development
SR 11-7 expects documented design rationale, data lineage, conceptual soundness review, and developer-side testing. For a foundation model the bank did not train, this collapses to vendor-supplied model cards, training-data attestation, and the bank's own intended-use documentation. The gap: most community banks accept the vendor PDF as gospel — examiners now want the bank's own conceptual-soundness write-up explaining why the model is appropriate for this institution's portfolio.
Model implementation and use
Documented integration testing, user-acceptance criteria, change-control procedures, and ongoing-use guardrails. For AI this means prompt templates, retrieval boundaries, escalation thresholds, and human-review checkpoints — captured as artifacts a vendor manager can produce on demand. The frequent miss: GenAI tools deployed by a line-of-business owner with no change-control ticket and no defined intended-use boundary.
Model validation
Independent review by qualified parties not involved in development. SR 11-7 §V calls out three components: evaluation of conceptual soundness, ongoing monitoring (process verification + benchmarking), and outcomes analysis (back-testing). For a Tier 1 vendor LLM, the bank cannot validate model weights — but CAN validate model outputs against a labeled benchmark set quarterly. That output-based validation is what examiners now accept in lieu of impossible weight validation.
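As an added example (not EFROS's or any vendor's code) of the output-based validation described above: the bank scores a held-out benchmark it labeled itself, measures precision and recall at its own alert threshold, and compares the result with the acceptance criteria in its validation methodology and with the prior quarter's run (the SR 11-7 benchmarking component). The benchmark labels, vendor scores, threshold and criteria are constructed values.

```python
"""Output-based validation of a black-box vendor model against a labeled benchmark.

Added example; not EFROS's or any vendor's code. Because the bank cannot inspect
vendor model weights, it validates what it can observe: the model's outputs on a
held-out set the bank labeled itself. All benchmark values and criteria are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Criteria:
    """Acceptance criteria taken from the bank's validation methodology document."""
    min_precision: float     # floor on the share of alerts that are true positives
    min_recall: float        # floor on the share of labeled positives the model catches
    max_recall_drop: float   # tolerated recall drop vs. the prior quarter (benchmarking)
    min_positives: int       # labeled positives needed for a meaningful result


def confusion(labels, scores, threshold):
    """Count TP/FP/TN/FN when a score at or above threshold raises an alert."""
    tp = fp = tn = fn = 0
    for y, s in zip(labels, scores):
        alert = s >= threshold
        if alert and y:
            tp += 1
        elif alert:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def output_metrics(labels, scores, threshold):
    """Precision and recall at the bank's operating threshold."""
    tp, fp, _tn, fn = confusion(labels, scores, threshold)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def validate(labels, scores, threshold, criteria, prior_recall=None):
    """Return (passed, findings, metrics) for the validation report."""
    findings = []
    if sum(labels) < criteria.min_positives:
        findings.append("benchmark has too few labeled positives to conclude")
    precision, recall = output_metrics(labels, scores, threshold)
    if precision < criteria.min_precision:
        findings.append(f"precision {precision:.2f} below floor {criteria.min_precision:.2f}")
    if recall < criteria.min_recall:
        findings.append(f"recall {recall:.2f} below floor {criteria.min_recall:.2f}")
    # Benchmarking: compare with the previous validation run, so a silent vendor
    # model change shows up as a drop even when the floor is still met.
    if prior_recall is not None and prior_recall - recall > criteria.max_recall_drop:
        findings.append(f"recall fell {prior_recall - recall:.2f} since the prior quarter")
    return (not findings), findings, {"precision": precision, "recall": recall}


# Constructed benchmark: 8 cases the bank labeled suspicious, 12 labeled benign,
# each with the vendor model's score.
BENCH_LABELS = [1] * 8 + [0] * 12
BENCH_SCORES = [0.91, 0.85, 0.78, 0.72, 0.66, 0.58, 0.41, 0.33,
                0.62, 0.55, 0.48, 0.39, 0.31, 0.27, 0.22, 0.18, 0.15, 0.11, 0.08, 0.05]
ALERT_THRESHOLD = 0.5
CRITERIA = Criteria(min_precision=0.60, min_recall=0.80, max_recall_drop=0.05, min_positives=5)

if __name__ == "__main__":
    passed, findings, metrics = validate(BENCH_LABELS, BENCH_SCORES, ALERT_THRESHOLD,
                                         CRITERIA, prior_recall=0.85)
    print("PASS" if passed else "FAIL", metrics)
    for finding in findings:
        print(" -", finding)
```

With these constructed values the report fails on two findings (recall below floor, recall drop vs. prior quarter), which is the kind of evidence the validation report and management response letter have to record.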
Model risk governance
Board-level policy, tiered approval workflows, model inventory, role separation between developers/users/validators, and documented escalation. AI does not require a new governance structure — it requires extending the existing one. The most common 2024-2026 examiner finding is that the bank's existing model risk policy does not reference AI/ML or foundation models at all, so the AI tools are operating outside formal model risk governance.
OCC + FDIC + Fed + CFPB on AI
The converging regulatory guidance on AI in community banks
No US regulator has issued an AI-specific rule for banks. Instead, the FFIEC agencies have collectively clarified that existing model risk, third-party risk, fair-lending, and BSA/AML guidance is the authority — and AI is in scope. Cite these seven sources in the bank's model risk policy and TPRM file.
FRB SR 11-7 (2011)
Supervisory guidance on model risk management. The foundational framework: model risk has two sources — model error and model misuse — and must be managed across the lifecycle with documented validation, governance, and ongoing monitoring.
OCC Bulletin 2011-12
OCC parallel guidance to SR 11-7 — substantively identical model risk expectations applied to national banks and federal savings associations. Practically: if the bank is OCC-supervised, citing OCC 2011-12 in the model risk policy is mandatory.
FDIC FIL-13-2024
Third-party risk management interagency guidance reissued in 2024 with explicit applicability to AI/ML vendors. The bank remains responsible for risks arising from third-party AI systems — vendor-handled validation does not transfer the obligation.
FFIEC 2024 Interagency Statement on AI
FRB, OCC, FDIC, NCUA, and CFPB joint statement applying existing model risk, third-party risk, fair-lending, and BSA/AML guidance to AI use. No new framework — an explicit clarification that existing guidance is the authority and AI is in scope.
OCC Semiannual Risk Report 2024 Q2
OCC's AI section flags model risk management, third-party concentration risk in vendor LLMs, and fair-lending exposure as the three priority examination focus areas for 2024-2026 cycles.
CFPB Circular 2023-03
Adverse-action notice requirements under ECOA/Reg B apply to AI credit decisions — creditors cannot rely on the complexity of the model as justification for failing to provide specific principal reasons for denial. Vendor explainability output must map to actionable reasons.
CFPB Spring 2024 Supervisory Highlights
Fair-lending findings against AI-augmented underwriting including disparate-impact exposure in models that proxy protected-class variables (e.g., ZIP-code-based features correlated with race). The methodology baseline for ongoing fair-lending exams through 2026.
Where AI breaks SR 11-7 expectations
Eight failure modes at the community-bank scale
These are the specific patterns producing 2024-2026 examiner findings and consent-order language at community banks. Each maps to a documented control EFROS implements as part of the AI Governance retainer.
Vendor LLM the bank cannot independently validate
Plaid, Unit21, Hummingbird, and similar fintech AI vendors run black-box foundation models the bank has no access to. SR 11-7 §V validation cannot be performed against model weights. The acceptable substitute: output-based validation against a labeled benchmark dataset run quarterly by an independent reviewer.
GenAI customer-service deflection with unmonitored fair-lending exposure
Chatbots and IVR-routing AI that deflect or pre-screen account inquiries can systematically deprioritize protected-class customers if the upstream NLP model has training-data bias. ECOA/Reg B applies to any communication that affects access to credit — chatbot responses included.
AI-augmented BSA/AML transaction scoring
ML-driven AML alerting that reduces false-positive review burden also introduces disparate-impact risk: features correlated with protected-class membership can systematically over-alert specific demographics. FinCEN scrutiny on AI-driven AML is increasing; the bank needs documented bias-testing methodology.
Credit scoring with vendor AI — adverse-action explainability gap
FCRA §615 + ECOA/Reg B require specific principal reasons for adverse credit action. Vendor AI explanation outputs (SHAP values, feature attributions) frequently fail the specificity test. CFPB Circular 2023-03 forecloses the 'our model is too complex to explain' defense.
Marketing segmentation with AI that creates redlining exposure
Look-alike audience targeting and AI-driven product recommendation can functionally redline: if the model preferentially shows credit products to ZIP codes correlated with race, it triggers Reg B prohibition on discouragement. Marketing platforms claiming AI-driven personalization need fair-lending review.
Voice biometrics for authentication with accent/dialect bias
Voice-based authentication models trained predominantly on standard American English exhibit elevated false-reject rates for accented speech. The operational result: protected-class customers face disproportionate authentication friction, which is a Section 5 unfairness issue and an ECOA discouragement issue.
AI-generated commercial loan officer summaries masking underwriting drift
LLM-generated credit memos and relationship summaries can produce confident-sounding output that subtly diverges from underwriting policy over time. Without periodic comparison against actual underwriting outcomes, the bank loses visibility into model drift in the human-AI loop.
Fraud detection model drift without a retraining cadence
Fraud patterns shift faster than annual model reviews. A fraud model deployed in Q1 with a 99.2% AUC commonly drifts to 96-97% by Q4 as adversaries adapt. SR 11-7 ongoing-monitoring expectations require documented performance thresholds and a retraining trigger — most community banks have neither.
Sample model inventory · $3B community bank
What an SR 11-7-compliant AI model inventory looks like
A representative model inventory from a $3B AUM community bank with eight AI/ML systems in production. Note the mix: traditional internal models alongside vendor AI and GenAI copilots, with tier classification driving validation cadence. This is the artifact an FFIEC examiner will ask to see first.
| Model ID | Vendor | Tier | Use case | Validation cadence | Owner | Status |
|---|---|---|---|---|---|---|
| MDL-001 | Internal · Logistic regression | Tier 1 | Consumer credit decisioning | Annual independent validation | CRO | Validated 2025-Q3 |
| MDL-002 | Unit21 | Tier 1 | BSA/AML transaction monitoring (AI-augmented) | Annual + quarterly output validation | BSA Officer | Output validation 2025-Q4 |
| MDL-003 | Plaid (income verification AI) | Tier 2 | Credit underwriting income verification | Annual output validation | CRO | Validation due 2026-Q2 |
| MDL-004 | Internal · Gradient boosted trees | Tier 1 | Card fraud detection | Quarterly performance + annual review | Fraud Ops | Drift retraining 2026-Q1 |
| MDL-005 | Microsoft 365 Copilot | Tier 3 | Internal productivity assistance | Annual policy review | CIO | Policy reviewed 2025-Q4 |
| MDL-006 | Vendor IVR — voice biometrics | Tier 2 | Customer authentication | Semi-annual bias testing | Compliance | Bias test 2025-Q4 |
| MDL-007 | Internal · Retrieval-augmented LLM | Tier 2 | Commercial loan officer credit memo drafting | Annual + quarterly outcome sampling | Commercial Lending | Pending tier-up review |
| MDL-008 | Marketing platform AI segmentation | Tier 2 | Marketing segmentation / product recommendation | Annual fair-lending review | Marketing + Compliance | Fair-lending review 2026-Q1 |
Tier classifications follow the section below. EFROS maintains the live inventory as a managed artifact updated quarterly under the AI Governance retainer, with board-grade reporting on inventory changes, validation status, and remediation.
Validation expectations by tier
What "Tier 1 high-risk validation" actually means for a community bank
SR 11-7 does not prescribe specific validation techniques — it requires validation appropriate to the risk. For a community bank with limited internal model-risk staff, the tier system below produces a proportionate, defensible program that survives an FFIEC exam.
Tier 1 — High risk
Definition: Models with material impact on credit, capital, BSA/AML, or consumer outcomes. Includes vendor AI used for credit decisioning, AML transaction monitoring, and any model whose output substantially informs a regulated decision.
Expectation: Independent validation by qualified third party (not the developer, not the user) at least annually. Documentation must cover conceptual soundness, performance testing against labeled benchmark data, ongoing monitoring evidence, and outcomes analysis. Validation report must survive examiner walkthrough — including evidence the validator was qualified and independent.
Tier 2 — Moderate risk
Definition: Models that inform decisions but where a human reviewer materially intermediates the output. Includes AI-augmented underwriting where a loan officer signs the final decision, voice biometrics with fallback authentication, LLM-drafted credit memos reviewed by a human.
Expectation: Validation by internal qualified reviewer (separation of duties from developer/user) is acceptable. Annual review is minimum cadence; quarterly output sampling is the typical examiner expectation. Documentation must show the human-in-the-loop control is operating effectively, not just present on paper.
Tier 3 — Limited risk
Definition: General-purpose productivity AI with no direct consumer-facing or credit-decisioning use. Microsoft 365 Copilot for internal documents, Otter.ai for meetings, general-purpose chatbots restricted to non-customer-facing scenarios.
Expectation: Policy-level governance suffices: documented acceptable-use policy, DLP boundaries, audit-log retention, and annual policy review. No independent validation required, but the system MUST be in the model inventory with a documented Tier 3 rationale.
The 90-day SR 11-7 + AI runbook
From inventory to examiner exhibit package in 90 days
Twelve tasks across three phases. Each task names the owner (CRO, CIO, Compliance, Vendor Manager, or Board) and the evidence artifact the task produces. Designed to integrate with the bank's existing model risk policy and FFIEC examination cycle rather than running as a parallel program.
Build the AI model inventory
What: Survey every AI/ML system in production. Include core-banking-embedded ML, vendor LLMs, GenAI copilots, and AI-embedded SaaS (CRM, marketing, BSA/AML). Capture: model ID, vendor, intended use, data flow, decision impact, owner.
Owner: CIO + CRO
Evidence artifact: AI model inventory spreadsheet with one row per model.
Assign tier classifications
What: Apply Tier 1/2/3 classification per model with documented rationale. Tie classification to consumer-facing impact, credit/capital materiality, and BSA/AML role. Get written sign-off from CRO and Compliance.
Owner: CRO + Compliance
Evidence artifact: Tier classification memo per Tier 1 and Tier 2 model with rationale and sign-off.
Extend model risk policy to cover AI
What: Edit the bank's existing SR 11-7 implementation policy to explicitly include foundation models, vendor LLMs, and AI/ML systems. Add tier definitions and AI-specific validation expectations. Board-approve the update.
Owner: CRO
Evidence artifact: Board-approved updated model risk management policy with AI scope language.
Inventory third-party AI vendor population
What: Cross-reference the AI inventory with the TPRM vendor list. Flag every AI vendor that needs TPRM documentation updates per FDIC FIL-13-2024. Document data flows for any vendor processing customer information.
Owner: Vendor Manager
Evidence artifact: AI vendor TPRM gap list with remediation owner and due date per vendor.
Define the validation methodology
What: Per Tier 1 model, document the validation approach: conceptual soundness review, performance benchmark dataset, outcomes analysis, ongoing-monitoring thresholds. For vendor LLMs, define the output-based validation protocol since weight-level validation is not feasible.
Owner: CRO + independent validator
Evidence artifact: Validation methodology document per Tier 1 model.
Execute independent validation on Tier 1 models
What: Run the validation methodology end-to-end on every Tier 1 model. For vendor AI, this is output-based validation against a held-out labeled benchmark. Document findings, remediations, and management response.
Owner: Independent validator + CRO
Evidence artifact: Validation report per Tier 1 model with findings and management response letter.
Adverse-action notice review for AI credit decisioning
What: Per CFPB Circular 2023-03, audit the adverse-action notice content generated when AI rejects a credit application. Verify specific principal reasons are produced and meet ECOA/Reg B specificity. Engage legal review.
Owner: Compliance + General Counsel
Evidence artifact: Adverse-action notice audit memo with sample notices and counsel sign-off.
Fair-lending review on AI-augmented underwriting
What: Run disparate-impact analysis on AI underwriting and BSA/AML scoring per CFPB Spring 2024 Supervisory Highlights methodology. Identify features with statistically significant disparate impact and document mitigation.
Owner: Compliance + Fair Lending Officer
Evidence artifact: Fair-lending statistical analysis report with per-feature disparate-impact testing results.
Configure ongoing monitoring
What: Define performance thresholds and drift-detection triggers per Tier 1 and Tier 2 model. Configure alerting when performance metrics fall below threshold or feature distributions shift materially. Document the retraining or model-replacement playbook.
Owner: CIO + CRO
Evidence artifact: Ongoing-monitoring dashboard with thresholds and escalation playbook documented.
Board-level model risk committee
What: Establish (or extend) the model risk committee to include AI scope. Quarterly cadence: model inventory updates, validation findings, outstanding remediations, fair-lending statistics, drift events. Board receives quarterly summary.
Owner: CRO + Board
Evidence artifact: Charter, quarterly meeting minutes template, and first quarterly summary delivered to Board.
Examiner exhibit package
What: Pre-stage the documents an FFIEC examiner will request: model inventory, tier rationale memos, validation reports, monitoring evidence, fair-lending analysis, adverse-action notice audit, vendor TPRM gap closure evidence, model risk policy with AI scope.
Owner: CRO + Compliance
Evidence artifact: Examiner exhibit binder (digital) ready for delivery within 48 hours of examiner request.
Quarterly retainer transition
What: Transition from project-based engagement to quarterly model risk operations: inventory refresh, validation cadence execution, monitoring review, fair-lending re-test, and board reporting. Document the operating rhythm.
Owner: CRO + EFROS
Evidence artifact: Quarterly model risk operating rhythm document with calendar and ownership matrix.
Examiner question bank · 2024-2026 cycles
Eight questions community bank examiners are asking now
These are the specific AI-related questions appearing in FFIEC, OCC, and FDIC examination scopes in 2024-2026 community bank cycles. For each, the answer pattern below is what survives the exam — produced from the artifacts built during the 90-day runbook.
Can you produce the most recent validation report for your credit-decisioning model?
Answer pattern: The validation report must demonstrate four things: (1) the validator was independent of the developer and user, (2) conceptual soundness was assessed against the bank's portfolio and use case, (3) performance testing was performed against a labeled benchmark dataset, and (4) ongoing monitoring evidence shows the model is performing within documented thresholds. For a vendor AI model, the report includes output-based validation against the bank's own benchmark rather than weight-level review.
How are you complying with CFPB Circular 2023-03 for adverse-action notices on AI credit decisions?
Answer pattern: Show: a copy of an actual adverse-action notice generated by the AI system, the mapping from vendor model output (e.g., SHAP values) to the specific principal reasons listed on the notice, legal review sign-off that the reasons meet ECOA/Reg B specificity, and the audit cadence by which adverse-action notice quality is monitored.
What disparate-impact testing have you run on the AI underwriting model?
Answer pattern: Produce statistical disparate-impact testing by protected-class proxy (using approved methodology such as BISG for race or geographic proxies), per-feature contribution analysis identifying which features drive disparate impact, and documented mitigation actions where impact was identified. Cite CFPB Spring 2024 Supervisory Highlights as the methodology baseline.
Show me the model inventory, including AI/ML models, with tier classification.
Answer pattern: A spreadsheet or governance-platform export showing one row per model: model ID, vendor, intended use, data flow, owner, tier (1/2/3), validation cadence, last validation date, and next due date. Tier 3 models must be present with documented rationale for the low-risk classification.
Has your board approved a model risk management policy that covers AI and foundation models?
Answer pattern: The current policy must explicitly reference AI/ML, foundation models, and LLMs. Provide board minutes showing approval, the policy version, and next scheduled review. If the policy still reads as written for traditional statistical models only, that is a finding.
How are you managing third-party AI vendor risk under FDIC FIL-13-2024?
Answer pattern: Show the TPRM file for each AI vendor: due-diligence documentation, model-card or technical documentation from the vendor, SOC 2 or equivalent attestation, contractual provisions covering data use and model change notification, and the bank's own output-based validation results. The bank cannot delegate validation to the vendor.
What ongoing monitoring is in place for the fraud detection model, and what triggers retraining?
Answer pattern: Document the performance thresholds (e.g., AUC floor, false-negative rate ceiling), monitoring frequency (daily/weekly/monthly), drift detection methodology (PSI, feature distribution shift), and the documented retraining playbook including who decides, what data is used, and how the retrained model is validated before deployment.
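As an added example (not EFROS's or any vendor's code) of the monitoring described in this answer pattern and in the fraud-drift failure mode above: a PSI check of each scoring feature's current distribution against its training baseline, a rank-based AUC against an AUC floor, and a single retraining trigger with documented reasons. The feature bins, the baseline and current data, the labels and scores, and the AUC floor are constructed; the PSI bands (0.10 watch, 0.25 alert) are the common industry rule of thumb, not an SR 11-7 requirement.

```python
"""Ongoing-monitoring check for a Tier 1 fraud model: PSI feature drift plus an AUC
floor, producing a documented retraining trigger.

Added example; not EFROS's or any vendor's code. Thresholds and data are constructed;
the PSI bands are a common industry convention, not an SR 11-7 prescription."""
import bisect
import math

PSI_WATCH = 0.10   # moderate shift: record in the monitoring log
PSI_ALERT = 0.25   # material shift: retraining trigger


def bin_fractions(values, edges):
    """Share of values in each bin; edges are the bin boundaries fixed at deployment."""
    counts = [0] * (len(edges) + 1)
    for v in values:
        counts[bisect.bisect_right(edges, v)] += 1
    return [c / len(values) for c in counts]


def psi(expected, actual, edges, eps=1e-4):
    """Population Stability Index of the current distribution vs. the training baseline."""
    total = 0.0
    for pe, pa in zip(bin_fractions(expected, edges), bin_fractions(actual, edges)):
        pe, pa = max(pe, eps), max(pa, eps)   # avoid log(0) on empty bins
        total += (pa - pe) * math.log(pa / pe)
    return total


def auc(labels, scores):
    """Rank-based AUC: probability that a fraud case outscores a legitimate one."""
    pos = [s for s, y in zip(scores, labels) if y]
    neg = [s for s, y in zip(scores, labels) if not y]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def monitor(features, baseline, current, labels, scores, auc_floor):
    """Return (retrain, reasons, report) for the monitoring dashboard."""
    reasons, report = [], {}
    for name, edges in features.items():
        value = psi(baseline[name], current[name], edges)
        status = "alert" if value >= PSI_ALERT else "watch" if value >= PSI_WATCH else "stable"
        report[name] = {"psi": value, "status": status}
        if status == "alert":
            reasons.append(f"{name}: PSI {value:.2f} exceeds alert threshold {PSI_ALERT}")
    report["auc"] = auc(labels, scores)
    if report["auc"] < auc_floor:
        reasons.append(f"AUC {report['auc']:.3f} below floor {auc_floor:.2f}")
    return bool(reasons), reasons, report


# Constructed data: bin edges fixed at deployment; feature values from the training
# window vs. the current month; labeled outcomes and scores from the current month.
FEATURES = {"txn_amount": [100, 500, 2000], "hour_of_day": [6, 12, 18]}
BASELINE = {"txn_amount": [50] * 8 + [250] * 6 + [1000] * 4 + [5000] * 2,
            "hour_of_day": [3] * 5 + [9] * 5 + [15] * 5 + [21] * 5}
CURRENT = {"txn_amount": [50] * 4 + [250] * 4 + [1000] * 6 + [5000] * 6,
           "hour_of_day": [3] * 5 + [9] * 5 + [15] * 5 + [21] * 5}
LABELS = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
SCORES = [0.95, 0.80, 0.60, 0.35, 0.70, 0.50, 0.30, 0.20, 0.10, 0.05]

if __name__ == "__main__":
    retrain, reasons, report = monitor(FEATURES, BASELINE, CURRENT, LABELS, SCORES, auc_floor=0.97)
    print("RETRAIN" if retrain else "OK", report)
    for reason in reasons:
        print(" -", reason)
```

The retraining trigger is deliberately a function of documented thresholds, so the monitoring log can show the examiner why retraining was (or was not) opened in a given month.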
How do your customer-facing GenAI tools (chatbots, IVR routing) avoid creating fair-lending exposure?
Answer pattern: Show: documented intended use and scope boundaries for each GenAI tool, audit-log evidence of customer interactions, fair-lending review of the deflection/routing logic, statistical testing of outcomes by protected class, and the escalation path when a customer asks about credit products.
FAQ
Common questions from community bank CROs and COOs
Our AI vendor says they handle validation — is that enough for SR 11-7?
No. Vendor-side validation is necessary but not sufficient. Under SR 11-7 and FDIC FIL-13-2024, the bank remains responsible for model risk regardless of how much validation the vendor performs. The bank must perform its own independent assessment — typically output-based validation against the bank's portfolio using a labeled benchmark dataset — and document why it is appropriate to use the vendor's model for this institution. The vendor's validation report is one input, not a substitute.
We're under $10B — does SR 11-7 actually apply to us?
SR 11-7 is supervisory guidance from the Federal Reserve, applicable to FRB-supervised state member banks and bank holding companies of all sizes — though depth of expectation scales with model complexity and reliance. OCC Bulletin 2011-12 applies in parallel to national banks. FFIEC's 2024 interagency statement explicitly applies model risk expectations to community banks using AI. The 'too small for SR 11-7' position has not survived recent examination cycles. Build a proportionate program — not a JPMorgan-scale program — but build one.
How does adverse-action notice work when an AI model rejects a loan?
ECOA/Reg B and FCRA §615 require that the bank provide specific principal reasons for denial — not a generic statement that the model produced a low score. Per CFPB Circular 2023-03, model complexity is not an acceptable reason for failing to identify principal reasons. In practice the bank must (a) extract feature-level explanations from vendor AI output (SHAP, LIME, or equivalent), (b) translate them into plain-language reasons meeting ECOA specificity, and (c) maintain documentation that the translation is faithful and complete. Sample notices should go through legal review annually.
Do we need a separate AI policy or does our existing model risk policy cover it?
Extending the existing model risk policy is the better path — it preserves continuity with the SR 11-7 framework and avoids creating a parallel governance track. Required edits: explicit scope language including foundation models and LLMs, tier definitions accounting for AI-specific risk profile, validation expectations recognizing output-based validation for black-box vendor AI, and AI-specific roles (AI use-case approver, prompt template owner) integrated into existing committee structures. A separate AI policy is acceptable but tends to create governance gaps where the two policies overlap.
We're considering Llama-3 self-hosted vs. a vendor LLM — which model risk profile is lower?
Self-hosted open-weight models (Llama-3, Mistral, others) have lower vendor-dependency risk and higher data-control posture — the bank can perform weight-level inspection and is not exposed to vendor model changes or vendor solvency. The trade-off: full responsibility for fine-tuning, hosting, MLOps, monitoring, and security. For a community bank without a dedicated MLOps team, vendor LLMs with strong contractual change-notification and a BAA-equivalent data agreement are usually the lower total risk path. The deciding factor is honest assessment of internal MLOps capability, not the headline of the model name.
What does a fair-lending audit look like for an AI scoring model?
A defensible audit covers four components: (1) demographic identification using BISG (Bayesian Improved Surname Geocoding) or equivalent approved proxy for race/ethnicity since lenders typically don't collect those data; (2) outcome testing — approval rates, pricing, and adverse-action rates analyzed by protected class with statistical significance testing; (3) feature-level disparate-impact analysis — which model features drive the impact and could they be removed or replaced; and (4) less-discriminatory-alternative analysis — whether an alternative model achieves substantially the same business outcome with reduced disparate impact. Annual cadence, documented methodology, findings escalated to Fair Lending Officer and CRO.
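As an added example (not EFROS's code) of component (2) above, the outcome testing that also answers the examiner's disparate-impact question in the question bank: approval rates by protected-class proxy group, the adverse impact ratio (AIR) against a reference group, and a two-proportion z-test for statistical significance. The proxy group is assumed to have been assigned already (for example by BISG); the applicant records, the 0.8 AIR floor (the four-fifths rule) and the 0.05 alpha are constructed assumptions.

```python
"""Fair-lending outcome testing for an AI scoring model: approval rates by
protected-class proxy group, adverse impact ratio, and a two-proportion z-test.

Added example; not EFROS's code. Proxy groups are assumed to be assigned upstream
(e.g., by BISG); the records, AIR floor and alpha are constructed assumptions."""
import math


def two_proportion_p(k1, n1, k2, n2):
    """Two-sided p-value that two approval rates differ (pooled z-test)."""
    p1, p2 = k1 / n1, k2 / n2
    pooled = (k1 + k2) / (n1 + n2)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    if se == 0:
        return 1.0
    z = (p1 - p2) / se
    return math.erfc(abs(z) / math.sqrt(2))


def approval_counts(records):
    """Map group -> (applicants, approvals) from (group, approved) records."""
    counts = {}
    for group, approved in records:
        n, k = counts.get(group, (0, 0))
        counts[group] = (n + 1, k + int(approved))
    return counts


def outcome_test(records, reference, air_floor=0.8, alpha=0.05):
    """Per-group AIR vs. the reference group plus significance; returns the audit table."""
    counts = approval_counts(records)
    ref_n, ref_k = counts[reference]
    ref_rate = ref_k / ref_n
    table = {}
    for group, (n, k) in counts.items():
        if group == reference:
            continue
        rate = k / n
        air = rate / ref_rate if ref_rate else float("nan")
        p = two_proportion_p(k, n, ref_k, ref_n)
        practical = air < air_floor          # four-fifths rule
        statistical = p < alpha              # difference unlikely to be chance
        # A finding needs both practical and statistical significance; one alone
        # goes on the watch list for the next re-test or a larger sample.
        status = ("finding" if practical and statistical
                  else "watch" if practical or statistical else "clear")
        table[group] = {"applicants": n, "approval_rate": rate, "air": air,
                        "p_value": p, "status": status}
    return table


def _make(group, approved, denied):
    """Build constructed (group, approved) records for one proxy group."""
    return [(group, True)] * approved + [(group, False)] * denied


# Constructed applicant decisions for one quarter of AI-scored applications.
RECORDS = _make("A", 70, 30) + _make("B", 40, 40) + _make("C", 33, 17)

if __name__ == "__main__":
    for group, row in outcome_test(RECORDS, reference="A").items():
        print(group, f"rate={row['approval_rate']:.2f} AIR={row['air']:.2f} "
                     f"p={row['p_value']:.4f} {row['status']}")
```

Group B comes out as a finding (AIR about 0.71, p below 0.01) and group C as clear, which is the per-group evidence the fair-lending statistical analysis report has to carry before the feature-level analysis in component (3) begins.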
Terminology references for SR 11-7, NIST AI RMF, ECOA/Reg B, and BSA/AML are in the EFROS glossary. Broader financial-services positioning is on EFROS for Financial Services.
Three ways forward
Self-assess your AI model risk exposure in five minutes, reserve the fixed-fee $5K AI Governance audit, or see how EFROS operates the AI Governance program inside US community banks under one accountable SLA.