Model risk
Official Definition
The potential for adverse consequences from decisions based on incorrect or misused model outputs and reports.
Source: AIEOG AI Lexicon (Feb 2026), Model Risk Management, Comptroller’s Handbook and Federal Reserve SR 11-7
What model risk means in plain language
Model risk is the risk that an organization suffers negative consequences because a model produced incorrect results or because model results were used inappropriately. It is one of the most established and well-defined risk categories in financial services, with dedicated regulatory guidance dating back to 2011.
Model risk arises from two sources: errors in the model itself (the model is wrong) and errors in how the model is used (the model is misapplied). A perfectly accurate model used for a purpose it was not designed for creates model risk just as much as a flawed model used for its intended purpose.
For AI models, model risk takes on additional dimensions due to the complexity, opacity, and data dependency of AI techniques. Traditional models often have known, well-understood failure modes. AI models can fail in less predictable ways.
Why it matters in financial services
Model risk management is a well-established regulatory expectation. The OCC’s Comptroller’s Handbook and Federal Reserve’s SR 11-7 provide detailed guidance on how institutions should manage model risk. These frameworks apply fully to AI models. For a deeper look at how Treasury guidance is shaping AI expectations for banks, see our explainer.
Model risk can manifest as financial losses, regulatory exposure, customer harm, and reputational damage. The expansion of AI use cases means model risk is growing — more models, more complex models, and models making more consequential decisions all increase aggregate model risk.
Key considerations for compliance teams
- Maintain a comprehensive model inventory. All models, including AI models, should be registered and classified by risk tier.
- Require independent validation. Models should be validated by parties independent of development before deployment and on a recurring basis. Equinox’s risk assessment services can support this process.
- Monitor model performance. Implement continuous monitoring that tracks model accuracy, stability, and fairness metrics.
- Establish governance committees. Model risk committees should oversee the model inventory, validation results, and risk metrics.
- Report to senior management and the board. Aggregate model risk should be reported as part of the institution’s overall risk profile.
- Apply proportionate governance. Higher-risk models require more intensive governance, validation, and monitoring.
