Bank of England’s SS1/23: Effective Model Risk Management Principles for Banks


In the dynamic landscape of the financial industry, banks face increasing complexity in their operations and risk management. To address the challenges posed by the use of models in decision-making processes, the Bank of England’s Prudential Regulation Authority (PRA) has issued Supervisory Statement (SS) 1/23. This statement outlines the PRA’s expectations for banks’ management of model risk, emphasizing the need for a strategic approach to model risk management (MRM) as an independent risk discipline. This blog post aims to provide an informative overview of the principles outlined in SS1/23 and their significance for banks operating in the UK.

Principle 1: Model Identification and Model Risk Classification

The first principle highlights the importance of accurately identifying and classifying models, allowing banks to recognize the potential risks associated with their use. It emphasizes the need for a robust framework that includes comprehensive documentation, inventory management, and risk classification processes. By understanding the strengths and limitations of each model, banks can make informed decisions and allocate appropriate resources for risk management.

Principle 2: Governance

Effective governance is crucial for managing model risk. Principle 2 emphasizes the need for clear accountability and responsibility within the organization. Banks should allocate the overall responsibility for the MRM framework to the most appropriate Senior Management Function (SMF) holder(s). This ensures that the governance structure supports the effective implementation of model risk management practices throughout the organization.

Principle 3: Model Development, Implementation, and Use

Principle 3 focuses on the lifecycle of models, covering their development, implementation, and ongoing use. Banks must establish robust policies and procedures for model development, ensuring adequate documentation, testing, and validation processes. Regular reviews and updates are necessary to address model performance issues, changes in business environment, and evolving regulatory requirements. Effective controls should also be in place to monitor the ongoing appropriateness and reliability of the models.

Principle 4: Independent Model Validation

Independent model validation is a critical component of model risk management. Principle 4 emphasizes the need for banks to establish independent validation functions separate from model development. These functions play a crucial role in assessing the conceptual soundness, performance, and appropriateness of models. Independent validation provides an objective evaluation of the models’ accuracy, limitations, and potential risks, enhancing the overall reliability of decision-making processes.

Principle 5: Model Risk Mitigants

The final principle focuses on identifying and implementing risk mitigants to address model risk. Banks should develop strategies to mitigate potential risks associated with models, including appropriate risk quantification, stress testing, and scenario analysis. Establishing effective model risk mitigants helps banks make informed decisions, enhances risk transparency, and strengthens the overall risk management framework.

Supporting Sub-Principles

The SS1/23 also provides additional guidance through supporting sub-principles:

  1. Proportionate Implementation: The expectations within the SS should be implemented in a proportionate manner, considering the complexity and scale of models and the unique characteristics of each institution.
  2. Allocation of Responsibility: Clear responsibility for the MRM framework should be assigned to the most appropriate SMF holder(s) to ensure accountability and oversight.
  3. Reporting to the Audit Committee: The effectiveness of MRM should be reported to the audit committee, ensuring transparency and facilitating proper oversight.
  4. Managing AI Risks: The SS addresses the risks associated with the use of artificial intelligence (AI) and machine learning in modeling techniques. Banks should identify and manage these risks as part of their overall model risk management practices.


The Bank of England’s SS1/23 establishes a comprehensive framework for banks’ model risk management practices. By adopting these principles and implementing the supporting sub-principles

How We Can Help

Model Risk Management on Connected Risk is a robust platform that allows you to manage and meet all of the obligations set within SS1/23 from the PRA. If you’re looking to meet regulatory requirements and obligations, our solution is the standard for your financial institution. Get started today using the form below, or learn more on our SS1/23 information page.

Like this article?

Share on Facebook
Share on LinkedIn
Share on XING

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.

    GDPR Cookie Consent with Real Cookie Banner Skip to content