PRA supervisory statement SS1/23

SS1/23 model risk management for PRA-regulated banks

The PRA's supervisory statement SS1/23 took effect on 17 May 2024, setting out five principles for managing model risk as its own discipline. VerifyWise gives you the model inventory, tiering, independent validation, monitoring and attestation to run the framework and evidence it to supervisors.

PRA supervisory statement SS1/23, published May 2023 alongside PS6/23, in effect since 17 May 2024. A supervisory expectation assessed through ongoing PRA engagement, not a standalone fine.

Model identification and tiering
Governance and board accountability
Independent validation and mitigants

What is SS1/23?

SS1/23 is the PRA's supervisory statement, published in May 2023 alongside Policy Statement PS6/23 and effective 17 May 2024, setting five principles for effective model risk management. It treats model risk as a distinct discipline that firms must identify, govern and control across the full model lifecycle.

Why this matters now: the PRA expects firms to have completed an initial self-assessment against the five principles, identified gaps and to be executing remediation, reviewed at least annually.

In effect now

Since 17 May 2024

Supervisory expectation

Assessed through ongoing PRA engagement, not a standalone fine

Pairs with our work on DORA and the VerifyWise platform for broader governance.

Who does SS1/23 apply to?

  • Firms with internal model (IM/IRB) approval for credit, market or counterparty credit risk capital
  • Firms without internal model approval may find the principles useful and are welcome to apply them
  • Scope is firm-wide, not just capital models
  • All models informing business decisions, in-house or vendor
  • IFRS 9 ECL and other financial-reporting models
  • Non-regulatory, AI and machine-learning models

The five principles of SS1/23

SS1/23 builds model risk management on five principles, plus expectations for vendor models and self-assessment. VerifyWise gives each one a home.

Principle 1: Model identification and risk classification

A firm-wide model definition, a complete inventory and risk-based tiering.

Firm-wide model definition
Firm-wide model inventory: purpose, assumptions, limitations
Ownership and interdependencies captured
Risk-based tiering (high, medium, low)
Tiering by materiality, complexity and business impact
Governance and validation effort scale with risk

Principle 2: Governance and board accountability

The board owns the framework and a named SMF holder is accountable.

Board establishes and annually reviews the MRM framework
Board sets policy and model risk appetite
Responsibility allocated to an accountable SMF holder (commonly the CRO, SMF4)
Internal audit assesses MRM effectiveness at least annually

Principle 3: Model development, implementation and use

Sound development, testing and documentation an independent expert can follow.

Sound development and rigorous testing
Documentation detailed enough for an independent expert
Data quality and provenance
Assumptions, limitations and calibration
IT and implementation controls
Appropriate use of outputs and ongoing performance monitoring

Principle 4: Independent model validation

An independent validation function providing effective challenge.

Validation independent of development
Validate new models and material changes before use
Re-validate periodically at a frequency driven by tier
Cover conceptual soundness and process verification
Cover outcomes and performance monitoring
Track findings to closure

Principle 5: Model risk mitigants including post-model adjustments

Where models underperform, mitigants and overlays are justified and controlled.

Apply and document mitigants where models underperform
PMAs and overlays justified and documented
Independently reviewed and approved
Monitored on an ongoing basis
Unwound as models improve, not left as permanent fixes

Vendor and third-party models

Externally developed models meet the same standards, and the firm stays accountable.

Board and senior management stay accountable
Brought into the same inventory, tiering and validation standards
Vendor data and assumptions verified
Independent ongoing monitoring despite limited transparency

Self-assessment and remediation

An initial self-assessment against the five principles, with tracked remediation.

Complete an initial self-assessment against the five principles
Identify gaps
Prepare and execute remediation plans
Review at least annually

Tier your models, then calibrate the rigor

SS1/23 expects governance and validation effort to scale with risk. VerifyWise tiers each model manually against materiality drivers into three tiers, and a tier increase automatically opens a fresh validation task.

Tier 1High materiality

Validated before use and re-validated most frequently, tightest monitoring thresholds, board-level visibility

Tier 2Moderate materiality

Scheduled validation and standard monitoring

Tier 3Lower materiality

Lighter-touch validation and monitoring, still inventoried

Tier 1: Continuous monitoringTier 2: Scheduled monitoringTier 3: Periodic review

For AI and ML models, complexity, opacity and explainability, and model interactions should push a model up the tiers. The same principles apply across every tier, only the intensity changes.

Where most model risk programs fall short

Many teams meet the expectations on paper but run them on spreadsheets and documents. Here is where those setups break, and what closes each gap.

The inventory lives in a spreadsheet

A shared workbook goes stale between reviews, has no owner per row and cannot show a supervisor when a model was last touched.

A single model inventory with owners and metadata per model, kept current through machine-to-machine ingestion tokens rather than manual edits.

Validation reports sit in scattered documents

Word files and email threads make it hard to prove independence, find evidence or show that every required section was covered.

Six-section validation reports with evidence links and findings logged by severity and stage, produced independently of the model's developers.

Monitoring is manual or does not happen

Drift and performance decay are caught late, if at all, and there is no record of what threshold was breached or what was done about it.

Metric thresholds such as PSI and AUC with warn, high and critical severities and defined breach actions, so decay surfaces and is actioned on a schedule.

Revalidation depends on someone remembering

A material change or a breach should reopen validation, but without a trigger it waits for the next annual cycle.

Breach, material change, tier increase and scheduled triggers open validation tasks automatically, each written to an append-only log.

Tiering is inconsistent across teams

Different groups rate the same class of model differently, so validation effort does not track real materiality.

One tiering scheme by materiality drivers that sets validation depth, monitoring cadence and attestation expectations per tier.

Program health is a manual quarterly scramble

Pulling together coverage, overdue validations and open findings for the board or a supervisor takes days of spreadsheet work.

A per-tier attestation roll-up (blocked or ok) that reads current coverage, monitoring status and open findings on demand.

How VerifyWise supports SS1/23

The model risk management module covers inventory, tiering, validation, monitoring, revalidation and attestation in one audit-logged workflow.

Model inventory and tiering

A firm-wide inventory with each model tiered manually into three tiers by materiality drivers, so governance scales with risk.

Addresses: Principle 1

Independent validation reports

Six-section validation reports (purpose and scope, conceptual soundness, data review, outcomes analysis and more) with evidence links and findings logged by severity and lifecycle stage, produced by validators independent of development.

Addresses: Principles 3 and 4

Ongoing monitoring

Metric thresholds such as PSI and AUC with warn, high and critical breach severities and configured breach actions (notify, or notify plus flag for revalidation) to catch performance drift.

Addresses: Principle 3

Revalidation triggers

Breach, material change, tier increase or scheduled review automatically open a validation task, with an append-only audit log of what changed and when.

Addresses: Principle 4

Attestation roll-up

Per-tier attestation reports a blocked or ok status across tiering current, validation coverage, monitoring active and open findings, giving the SMF holder and board a defensible view.

Addresses: Principle 2

Machine-to-machine ingestion

Metric ingestion tokens feed live model metrics in automatically, so monitoring reflects production behaviour, including for AI and ML models.

Addresses: Principles 3 and 4

Every tiering decision, validation, breach and revalidation is timestamped and audit-logged, producing the evidence the PRA looks for during supervisory engagement.

SS1/23 principle coverage

Coverage means dedicated tooling exists for each principle, not a compliance guarantee.

5

PRA principles

5

principles with dedicated tooling

100%

framework lifecycle covered

Identification and tiering1/1
Governance and accountability1/1
Development and use1/1
Independent validation1/1
Risk mitigants (PMAs)1/1

Built for model risk management from day one

The module was designed around the SS1/23 lifecycle, from identification through to mitigants.

Three-tier model tiering

Every model tiered by materiality drivers

Six-section validation reports

Findings logged by severity and stage

PSI/AUC monitoring

Warn, high and critical breach actions

Per-tier attestation roll-up

Blocked or ok across four checks

Penalties and supervisory consequences

SS1/23 is a supervisory statement, so it carries no standalone monetary penalty. The consequences are supervisory, capital and individual.

Supervisory action

Increased scrutiny, remediation directions and closer engagement where weaknesses persist.

Examples

  • Findings raised in supervisory review
  • Remediation timelines
  • Follow-up assessment

Additional capital

Persistent model risk weaknesses can feed Pillar 2 capital add-ons.

Examples

  • Capital scalars for model uncertainty
  • Buffers pending remediation

Individual accountability

Responsibility is pinned to a named SMF under the Senior Managers and Certification Regime, so the responsible senior manager can be held personally accountable.

Examples

  • CRO/SMF4 attestation
  • SM&CR conduct expectations

There are no automatic fines, but there are material governance consequences and personal accountability for the responsible senior manager under the PRA and the Senior Managers and Certification Regime.

SS1/23 already covers your AI and ML models

SS1/23 is technology-agnostic and principle-based, so AI and machine-learning models fall squarely in scope, from simple rule-based systems to complex and generative models.

The PRA has been explicit that non-traditional and non-regulatory uses count: AI screening job applicants, AI-driven customer chatbots and generative AI producing marketing content.

This makes SS1/23 a practical driver for AI governance: model inventories that include AI and ML, and independent validation of AI systems in regulated banks. That is exactly what the VerifyWise MRM module plus its AI governance modules deliver.

Applicant screeningCustomer chatbotsGenerative marketing content

See the VerifyWise platform and our work on the EU AI Act.

What SS1/23 asks for AI and ML

Tiering by complexity and opacity

Complexity, opacity and explainability, and model interactions push AI and ML models up the tiers.

Data validity and provenance

Establish the validity and provenance of data, including unstructured data, used to build and run models.

Uncertainty in decisions

Articulate and account for model-behaviour uncertainty in the decisions the model informs.

Drift monitoring

Monitor for performance drift where behaviour diverges from expectation after deployment.

SS1/23 requirements, mapped to VerifyWise capabilities

How each SS1/23 principle is operationalised in VerifyWise, with a specific, already-built capability rather than a roadmap promise.

SS1/23 requirementVerifyWise MRM capability
Principle 1: Model identification and risk classification: firm-wide model definition, a model inventory, risk-based tiering by materiality and complexityModel inventory plus manual tiering into three tiers by materiality drivers, so each model's governance and validation effort scales with its tier.
Principle 2: Governance and board accountability: framework owned by an accountable SMF holder (commonly CRO/SMF4), reviewed at least annuallyPer-tier attestation roll-up (blocked/ok) covering tiering current, validation coverage, monitoring active and open findings, a defensible view the SMF holder and board can sign off.
Principle 3: Model development, implementation and use: strong standards, documentation an independent expert can follow, data quality and provenance, ongoing performance monitoringSix-section validation reports (purpose and scope, conceptual soundness, data review, outcomes analysis and more) with evidence links, plus ongoing monitoring on metric thresholds such as PSI and AUC.
Principle 4: Independent model validation: independent function, validate new models and material changes before use, re-validate at a tier-driven frequency, track findings to closureIndependent validation reports with findings logged by severity and lifecycle stage, plus revalidation triggers (breach, material change, tier increase, scheduled) that auto-open validation tasks with an append-only audit log.
Principle 5: Model risk mitigants including post-model adjustments: mitigants justified, documented, independently reviewed, monitored and unwound as models improveMonitoring breach actions (notify, or notify plus flag for revalidation) and validation findings that surface underperformance, so overlays are tracked, reviewed and revisited rather than left as permanent fixes.
Vendor and third-party models: brought into the same inventory, tiering and validation standards, with independent ongoing monitoring despite limited transparencyThe same inventory, tiering, validation and monitoring workflow applied to vendor models, with machine-to-machine metric ingestion tokens feeding live outputs for independent monitoring.
Performance drift and model-behaviour uncertainty (a focus for AI and ML models)Metric-threshold monitoring with warn, high and critical breach severities detects drift, and machine-to-machine ingestion keeps monitoring aligned to production behaviour including for AI and ML models.
Self-assessment and remediation: initial self-assessment against the five principles, gaps identified, remediation tracked, reviewed at least annuallyAttestation roll-ups and findings-by-severity give an ongoing, auditable status against each principle, so gaps and remediation are visible and reviewable over time.

All activity is audit-logged for supervisory evidence, so each principle carries a reproducible trail.

What supervisor-ready looks like

Per-tier attestation rolls four checks into a single status the SMF holder and board can sign off before a gap is found for them.

OK

Tiering current

Every model tiered and dates fresh

OK

Validation coverage

Required validations complete per tier

OK

Monitoring active

Thresholds live and breaches actioned

Blocked

Open findings tracked

Findings logged by severity and stage

When all four are green per tier, attestation rolls up to OK. Any gap shows as blocked before a supervisor finds it.

Frequently asked questions

Common questions about SS1/23 and model risk management.

SS1/23 is the UK Prudential Regulation Authority's (PRA) supervisory statement setting out five principles for effective model risk management at banks. It treats model risk as a distinct discipline that firms must identify, govern and control across the full model lifecycle. It was published in May 2023 alongside Policy Statement PS6/23 and took effect on 17 May 2024.
It formally applies to PRA-regulated banks, building societies and PRA-designated investment firms with internal model (IM/IRB) approval to calculate regulatory capital for credit, market or counterparty credit risk. Firms without internal model approval may find the principles useful and are welcome to apply them. Scope is firm-wide: it covers all models informing business decisions, in-house or vendor, including IFRS 9 ECL, non-regulatory, and AI and machine-learning models.
No. SS1/23 is a supervisory statement, so it sets out the PRA's expectations rather than hard rules with a standalone monetary penalty. It operates within the PRA's supervisory framework: firms are expected to self-assess and remediate gaps, and persistent weaknesses can lead to increased scrutiny, additional Pillar 2 capital and remediation directions. Because responsibility is pinned to a named SMF under the Senior Managers and Certification Regime, the responsible senior manager can also be held personally accountable.
Yes. SS1/23 is deliberately technology-agnostic and principle-based, so AI and machine-learning models, from simple rule-based systems to complex and generative models, fall squarely within scope. The PRA has said non-traditional and non-regulatory uses are captured too, such as AI screening job applicants, AI-driven customer chatbots and generative AI producing marketing content. Firms must factor complexity and explainability into tiering, establish data provenance, account for model-behaviour uncertainty and monitor for drift.
Principle 1 asks firms to maintain a model inventory and apply a risk-based tiering system (for example high/medium/low) that rates models by materiality, complexity and business impact, so governance and validation effort scale with risk. VerifyWise lets you tier each model manually into three tiers against materiality drivers, and a tier increase is one of the triggers that automatically opens a fresh independent validation task, with the whole history captured in an append-only audit log.

Ready to operationalise SS1/23?

Run the five principles as a live workflow: tier your model estate, evidence independent validation, monitor for drift and give your SMF holder a defensible attestation.

SS1/23 model risk management for banks | VerifyWise