San Francisco, CA, 24th June 2026, ZEX PR WIRE — Kevin D. Oden & Associates (KDOA), a model risk management and quantitative advisory firm, today shared its perspective on SR 26-2, the revised interagency guidance on model risk management issued jointly by the Federal Reserve, the Office of the Comptroller of the Currency, and the FDIC on April 17, 2026.
The revised guidance (SR 26-2, OCC Bulletin 2026-13, and FDIC FIL-15-2026) supersedes the 2011 guidance widely known as SR 11-7, which had governed how banking organizations identify, validate, monitor, and govern quantitative models for fifteen years. The update moves toward a more flexible, principles-based approach that is tailored to an institution’s model risk profile and the size and complexity of its operations. It is expected to be most relevant to banking organizations with more than $30 billion in total assets, though smaller institutions with significant model-risk exposure may also fall within its expectations.
KDOA’s central observation is what the guidance leaves out. SR 26-2 expressly places generative AI and agentic AI models outside its scope, describing them as novel and rapidly evolving. The revised principles apply to traditional statistical and quantitative models. For institutions already deploying AI-driven tools across credit, fraud, BSA/AML, and customer-facing functions, this means there is no regulatory floor specific to those systems. The responsibility to define proportionate governance and controls sits with the institution.
“The agencies modernized the baseline and were deliberate about not extending it to generative and agentic AI,” said Kevin Oden, Managing Partner of Kevin D. Oden & Associates. “That is a reasonable call given how fast the technology is moving, but it does not reduce the risk these systems carry. It relocates the burden. Boards and model risk teams now have to build credible governance for AI without a prescriptive standard to point to, while also re-grounding their traditional model programs in the revised guidance.”
KDOA notes three practical implications for institutions reassessing their programs against SR 26-2:
- Re-baselining is not optional. Policies, validation standards, and inventory taxonomies written against SR 11-7 reference a superseded standard. Programs should be re-mapped to the revised principles, with particular attention to how materiality and a risk-based, tailored approach are documented.
- The AI gap is now an institutional decision. Because generative and agentic AI sit outside the guidance, institutions must decide, document, and defend how those systems are governed under their own risk frameworks. Examiners can still act on unsafe or unsound practices regardless of scope. Separate AI-specific guidance is widely anticipated.
- Proportionality cuts both ways. A principles-based standard gives institutions room to right-size their programs, but it also removes the cover of a checklist. The reasoning behind each control choice has to hold up.
A final point on scope: the exclusion is narrower than it first appears. Only generative and agentic AI fall outside SR 26-2. Traditional statistical and quantitative models remain fully in scope, as do non-generative, non-agentic AI and machine learning models. For most institutions, that means the bulk of their AI/ML footprint, including the conventional machine learning used in credit, fraud, and BSA/AML, is still governed by the revised guidance and has to be re-mapped to it. The open question sits only with the newest generative and agentic systems, which is exactly where the institution, not the regulator, now sets the standard.
KDOA’s validation and governance teams, whose members have held senior model risk roles at institutions including the Federal Reserve, Fannie Mae, Wells Fargo, Bank of America, Lloyds Banking Group, and Varo Bank, are advising clients on re-baselining their programs to the revised guidance.
The firm’s technology platform, Model IQ, supports this work by managing the full model lifecycle in one system, from registration and risk tiering through validation, monitoring, and board reporting. Its program-assessment tooling is being updated to evaluate institutions against the revised guidance, helping teams identify gaps and track remediation as they transition off the 2011 standard.
About Kevin D. Oden & Associates
Kevin D. Oden & Associates provides quantitative analysis, model risk management, and risk advisory services to the financial industry and beyond. The firm’s team includes more than ten PhDs and senior quantitative analysts with experience across credit, market, BSA/AML, fraud, CECL, stress testing, and AI/ML models. KDOA is SOC 2 Type II certified and an NMSDC-certified Minority Business Enterprise. Its Model IQ platform was designed by practicing model risk managers for the teams that run MRM programs day to day.
For more Information, You can Visit: https://kdoden.com
Disclaimer: The views, suggestions, and opinions expressed here are the sole responsibility of the experts. No Urban Flash News journalist was involved in the writing and production of this article.