Understanding the PRA’s Policy Statement on Model Risk Management: A Comprehensive Overview


The Prudential Regulation Authority (PRA) has issued its much-anticipated Policy Statement (PS6/23) on Model Risk Management (MRM). Accompanied by the Supervisory Statement (SS1/23), this policy will come into force on 17 May 2024. This blog post aims to provide a detailed analysis of these developments, highlighting the key changes, implications for banks, and best practices for compliance.


In June 2022, the PRA published its consultation paper CP6/22, outlining principles for MRM. The core concern was that senior executives and Boards might not fully grasp the extent to which models influence management decisions in banks. The consultation proposed five principles for MRM and provided a broad definition of what constitutes a model.

The feedback from the industry has been substantial, prompting the PRA to adjust its approach in the final policy and supervisory statements.

Key Changes in the Supervisory Statement

Scope of Application

One of the most significant changes in the Supervisory Statement is the scope of application. Initially, the policy will only apply to banks with internal model (IM) approvals for regulatory capital purposes. Banks applying for IM approval will have 12 months from the approval date to comply with the principles. The PRA plans to clarify how the policy will apply to non-IM banks after progressing its policy on Simpler-regime firms. However, it emphasizes that all firms, regardless of size, must manage model risks if models are in use.

Reduced Prescriptiveness and Increased Proportionality

The detailed content of the principles has been revised to reduce prescriptiveness and increase proportionality. This allows banks more flexibility to interpret requirements based on their business complexity and size. However, this also introduces challenges in defining a compliant approach, requiring ongoing dialogue between the industry and the PRA.

Responsibilities and Attestations

The policy clarifies the responsibilities of the Senior Management Function (SMF). It specifies that more than one SMF may be appointed and allows the SMF to delegate certain activities while retaining accountability for the overall MRM framework. SMF holders must provide initial and annual attestations of compliance, a process requiring significant effort and collaboration from second- and third-line teams.

Adjustments and Clarifications

Several adjustments have been made to the initial consultation proposals, including:

  • Financial Reporting: Clarifying that MRM reporting should be available to the audit committee without changing its responsibilities.
  • Model Tiering: Allowing firms to select relevant factors for determining model complexity.
  • External Vendor Models: Ensuring banks receive sufficient information from vendors to validate the use of external models, without disclosing proprietary information.
  • Post Model Adjustments (PMAs): Recognizing the need for proportionality in PMAs.
  • Escalation Processes: Making the principle around escalation processes more principles-based.

Artificial Intelligence and Machine Learning (AI/ML) Models

The PRA received considerable feedback on the application of principles to AI/ML models, highlighting the complexity and cross-functional nature of these systems. Key points include:

  • Complexity and Explanation: AI/ML models can be highly complex, making it challenging to explain their outputs. Practical examples from the PRA would be beneficial.
  • Dynamic Recalibration: Frequent changes and recalibrations present additional oversight challenges.
  • Ethical Considerations: AI/ML models can raise ethical issues, including fairness and bias, which could increase conduct and reputational risks.

The PRA noted similarities between the feedback on MRM and the joint discussion paper on AI/ML in financial services. While there is no specific reference to AI/ML in the supervisory statement, banks should apply the MRM principles to AI/ML models unless further policy guidance is provided.

Implementation Challenges and Best Practices

Banks with existing IM permissions already face significant demands on their modelling teams. Key areas of ongoing work include:

  • IRB Roadmap Implementation
  • IFRS 9 Model Reviews and Revisions
  • Climate Modelling for Risk Management and Stress Testing
  • Basel 3.1 Implementation
  • Consumer Duty Model Risk Assessments

Governance and Validation

Designing and implementing a revised model governance process is crucial. This process should:

  • Retain existing capabilities while adding the capacity to oversee an expanded model population.
  • Ensure appropriate challenge for non-traditional models, such as Anti-Money Laundering models.
  • Provide additional training for modelling and validation teams, as well as members of model governance forums.

Multi-tiered Validation Process

A multi-tiered validation process is necessary to provide fit-for-purpose reviews for various model types. Banks should leverage technology for models with lower materiality and complexity.

Reporting and Commonalities

Effective reporting on the breadth of the model inventory is essential. Reports should focus on material models, allowing executives and boards to address supervisory queries and explain remedial actions. Identifying common requirements across different model workstreams can reduce workload and optimize resource utilization.


The PRA’s policy on MRM aims to elevate the treatment of model risk to the same level as other material risks within banks. By embedding these principles into the supervisory framework, the PRA seeks to drive a cultural shift in how banks manage model risk. Banks must navigate these changes thoughtfully, leveraging flexibility where allowed and ensuring robust compliance where required.

Like this article?

Share on Facebook
Share on LinkedIn
Share on XING

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.

    GDPR Cookie Consent with Real Cookie Banner Skip to content