Claude Partner Network memberAI, engineered for the enterprise
An open regulatory binder with blank pages on an oak table beside an unlit brass lamp, in warm cream and terracotta light
Financial services

SR 11-7 was replaced — and it left generative AI out of scope.

For fifteen years, SR 11-7 was the answer to "how do we govern this?" — a shared blueprint your model-risk team and your examiner both worked from. On April 17, 2026, the OCC, Federal Reserve, and FDIC replaced it. And the new guidance says the one thing you did not want to hear about the AI you most want to deploy: it is not in scope.

First reported by OCC Bulletin 2026-13 · 2026-04-17

What actually changed

On April 17, 2026, the three federal banking agencies jointly issued revised model-risk-management guidance — OCC Bulletin 2026-13, with the Federal Reserve's parallel as SR 26-2 — that replaces the 2011 SR 11-7 framework. The new guidance is principles-based rather than prescriptive. And it is explicit on one point: generative and agentic AI models are "not within the scope of this guidance."

That is not an oversight. The agencies direct banks to apply broader risk-management and governance practices to the systems the guidance does not cover, and they signal a forthcoming Request for Information (RFI) on AI-specific model-risk management. Read plainly: a dedicated framework for generative and agentic AI is coming, but it is not here yet, and the interim is yours to govern.

The instinct in a lot of institutions will be relief — fewer prescriptive boxes to check. That instinct is wrong. SR 11-7 was demanding, but it was also a safe harbor: do these things, in this way, and you had a defensible position. For generative AI, that harbor is now gone.

Out of scope is not a free pass

It is tempting to read "not within the scope of this guidance" as "not regulated." It is the opposite. The agencies did not exempt generative and agentic AI from oversight; they declined to hand you the recipe for it. You are still expected to manage the risk — under broader safety-and-soundness and governance expectations — but without the itemized checklist that told you what "enough" looked like.

Under the old regime, an examiner could ask whether your validation covered conceptual soundness, outcomes analysis, and ongoing monitoring, and you could point to each. Under the new one, for the AI systems banks are most eager to ship — drafting, summarization, alert triage, agentic workflows — the examiner asks a harder, more open question: show me how you govern this. There is no form to fill in. There is only the evidence you can produce.

So the burden of proof shifted. It moved from "did you follow the framework" to "can you demonstrate the system is controlled." That is a heavier ask, and it lands on the institution, not the regulator.

The question the examiner will actually ask

When a framework goes principles-based and a technology goes out of scope at the same time, the examination stops being a checklist walk-through and becomes a demonstration. The examiner is no longer verifying compliance with named steps. They are probing whether you understand and control a system the guidance pointedly did not describe.

Expect the questions to get concrete and behavioral. How do you know this output is grounded in your source of record rather than fabricated? Who reviewed this decision, and where is that recorded? What could this agent do that it should not be able to do — and what stops it? When it went wrong, how did you find out, and how fast? None of these have a paragraph number to cite. Each has a control that either exists in your system or does not.

This is the reframe. The old work was reading the rule and conforming to it. The new work is building a system whose behavior is self-evidently governed — so that when the RFI closes and the AI-specific expectations arrive, you are already answering them, not scrambling to.

The control layer that answers it

A principles-based, out-of-scope world rewards one thing: systems that are governed by design, where the evidence an examiner wants is a byproduct of how the system runs — not a document assembled after the fact. That is the layer we build, and it maps directly onto the questions above.

None of these is a policy you assert. Each is a control that operates on every request and leaves a trace. That distinction is the whole point: in the absence of a prescriptive rule, "we have a policy" is worth little, and "the system enforces it, and here is the log" is worth everything.

  • Grounding and citations. Outputs are tied to your authoritative source of record, and every claim carries its citation — so "how do you know it's not fabricated" has a demonstrable answer, not a reassurance.
  • Human-in-the-loop. Material decisions route through a qualified reviewer, with the approval captured. Delegated autonomy is earned and bounded, and the boundary is enforced rather than trusted.
  • Audit trails. Every input, retrieval, output, override, and change is recorded and reproducible — the evidence file writes itself as the system operates, instead of being reconstructed before an exam.
  • Least privilege and role-based access. The system — and any agent within it — can reach only what its task requires. "What could it do that it shouldn't" has a small, provable answer.
  • Monitoring and change control. Grounding rates, override frequency, and drift are watched live; every prompt, retrieval, and model-version change is tested and logged before it ships, so "we tweaked it last Tuesday" never becomes a finding.

Build for the RFI you can see coming

The forthcoming RFI is a signal, not a threat. The agencies are telling you where the puck is going: toward AI-specific model-risk expectations. Institutions that wait for the final text will govern reactively, retrofitting controls onto systems that were never designed to produce evidence. Institutions that build the control layer now will find the eventual requirements describe what they already do.

The lowest-risk path has not changed, even as the framework did. Start with augmentation — the system gathers context, drafts a recommendation with its rationale and citations, and a qualified person decides — because it keeps a human accountable and produces exactly the evidence an open-ended examination demands. Expand autonomy only as the track record earns it. That posture was defensible under SR 11-7. It is more defensible now, because it answers a question the new guidance leaves deliberately open.

SR 11-7 told you what to prove. Its replacement leaves that to you. The institutions that come out ahead are the ones that treat governance as an engineered property of the system — grounding, oversight, audit, least privilege — rather than a document produced for the exam. That is the gap the new guidance opened. It is also the one we close.

The rule that gave you a checklist is gone; the AI you want to run is the part it left out. The trust gap between "we built it" and "we can prove it's controlled" is now yours to close — and closing it is the entire discipline.

We build Claude implementations where grounding, human oversight, audit trails, and least privilege are properties of the system, not promises about it — so the evidence an examiner asks for is already in hand when the AI-specific rules arrive.

Take the readiness assessment Claude for financial services