SS1/23

Published

December 23, 2025

Implement SS1/23 compliance using ​ValidMind.

Follow this detailed, step-by-step guide which will:

  1. Walk you through the practical steps required to implement end-to-end compliance using ​ValidMind.

  2. Link to supporting documentation and training for specific product features.

  3. Focus on actionable implementation rather than just explaining requirements.

Overview

SS1/23 (Model Risk Management Principles for Banks)1 establishes principles for managing model risk effectively, with emphasis on strategic planning and technical capabilities for emerging technologies like machine learning and AI. By emphasizing proportionate application, SS1/23 ensures that implementation reflects institutional size and complexity.

This guide is organized around the expectations for the five core principles outlined in SS1/23:

  1. Model identification and model risk classification

  2. Governance

  3. Model development, implementation, and use

  4. Independent model validation

  5. Model risk mitigants

1. Model identification and risk classification (Principle 1)

Purpose

Establish a structured approach to identify and categorize models within the MRM framework.

Steps

  1. Define model identification criteria:

    • Document what constitutes a model.
    • Establish criteria for inclusion in the MRM framework.
    • Consider edge cases (spreadsheets, vendor models, etc.).

  2. Configure risk classification and tiering fields:2

    • Set up model tier fields, such as Tier 1, Tier 2, and Tier 3.
    • Add risk classification categories.
    • Configure validation based on tier.

  3. Document materiality and complexity factors:3

    • Establish materiality thresholds.
    • Document complexity assessment criteria.
    • Link complexity to governance requirements.

2. Governance (Principle 2)

Purpose

Establish structured oversight with clear responsibilities and authorities.

Steps

  1. Configure Senior Management Function (SMF) accountability:

    • Document SMF responsibilities for MRM.
    • Configure approval authorities.
    • Establish escalation paths to senior management.

  2. Configure roles and responsibilities:4

    • Define roles across three lines of defense.
    • Document responsibilities for each role.
    • Configure permissions accordingly.

  3. Set up board oversight dashboards:5

    • Create executive-level dashboards.
    • Configure key risk indicators.
    • Establish board reporting cadence.

3. Model development, implementation, and use (Principle 3)

Purpose

Ensure models are developed and used per MRM framework guidelines.

Steps

  1. Configure documentation templates aligned to SS1/23:6

    • Select or create templates covering SS1/23 requirements.
    • Include sections for intended purpose and use boundaries.
    • Document development methodology.

  2. Enforce development standards:

    • Document coding and development standards.
    • Configure quality gates in workflows.7
    • Track compliance with standards.

  3. Document use case and limitations:8

    • Clearly state intended use cases.
    • Document known limitations.
    • Establish use boundaries.

4. Independent model validation (Principle 4)

Purpose

Implement objective validation to ensure models function as intended.

Steps

  1. Configure validation workflow for effective challenge:

    • Set up validation initiation workflows.
    • Ensure validator independence.
    • Define validation scope by model tier.

  2. Document objective assessment:9

    • Use validation report templates.
    • Document testing methodology.
    • Provide clear conclusions.

  3. Implement findings and remediation workflows:10

    • Track validation findings.
    • Assign remediation owners.
    • Monitor remediation progress.

5. Model risk mitigants (Principle 5)

Purpose

Implement controls to reduce potential adverse impact of model risks.

Steps

  1. Document controls:

    • Identify and document model controls.
    • Link controls to risks mitigated.
    • Track control effectiveness.

  2. Configure monitoring and alerts:11

    • Set up ongoing monitoring.
    • Configure performance alerts.
    • Establish response procedures.

  3. Implement change management workflows:12

    • Configure model change workflows.
    • Document change approval requirements.
    • Track change history.

6. ML/AI and emerging technology considerations

SS1/23 specifically addresses emerging technologies. ​ValidMind helps you implement these requirements:

Steps

  1. Implement additional controls for complex models:

    • Document enhanced validation requirements for ML models.13
    • Implement interpretability documentation.
    • Configure enhanced monitoring.14

  2. Address dynamic adjustments and change management:

    • Document model update procedures.
    • Implement change tracking for dynamic models.
    • Configure validation triggers for model updates.

  3. Document explainability and transparency:15

    • Assess explainability requirements by model type.
    • Document interpretability approaches.
    • Implement transparency controls.

Proportionality

SS1/23 emphasizes proportionate application. Consider:

  • Smaller institutions — May apply simplified governance structures while maintaining core principles.
  • Complex institutions — Require more sophisticated frameworks and controls.
  • Model tiering — Higher-tier models warrant more intensive oversight.

Document your proportionality assessment and how it influences your MRM framework design.

Implementation checklist