Model risk management (MRM)

Model risk management (MRM) is the process of identifying, monitoring, and mitigating risks that arise from the design, implementation, and use of models in decision-making.


What is model risk management (MRM)? 

Model risk management (MRM) provides a structured approach to ensure that predictive, analytical, and AI-driven models operate reliably and transparently. It helps organizations validate model performance, address bias, and maintain compliance with regulatory standards.  

Originally developed for financial institutions, MRM has expanded to include AI and machine learning models, where errors, bias, or misuse can lead to compliance, ethical, or reputational risks.  

MRM frameworks align with governance practices such as AI governance and enterprise risk management (ERM) to ensure accountability, explainability, and lifecycle monitoring. 

 

Why model risk management (MRM) matters  

Models increasingly inform critical business functions — from credit scoring and fraud detection to automated hiring and compliance monitoring. Without proper oversight, inaccurate or biased models can cause financial losses, regulatory violations, or ethical issues.  

Regulators such as the European Central Bank (ECB) and the U.S. Federal Reserve emphasize MRM as a key component of operational resilience and trustworthy AI. Frameworks like the EU AI Act and Digital Operational Resilience Act (DORA) also highlight model accountability as part of responsible AI governance. 

A strong MRM program ensures models are documented, tested, explainable, and aligned with business objectives and compliance obligations. 

 

How model risk management (MRM) is used in practice 

  • Validating and testing models to detect performance degradation or bias 
  • Documenting model design, inputs, and assumptions for transparency 
  • Establishing review and approval workflows before production deployment 
  • Monitoring ongoing model performance and retraining triggers 
  • Assessing AI models for fairness, explainability, and compliance 
  • Integrating MRM with governance frameworks such as AI impact assessments (AIIAs)

 

Related laws & standards 

  • EU Artificial Intelligence Act (EU AI Act) 
  • Digital Operational Resilience Act (DORA) 
  • Basel Committee on Banking Supervision (BCBS 239) 
  • SR 11-7 (Federal Reserve Model Risk Guidance) 
  • ISO/IEC 42001 (AI Management System Standard) 

 

How OneTrust helps with model risk management (MRM) 

OneTrust supports model risk management by helping organizations track model inventory, document risk assessments, and automate approval workflows. The platform provides audit-ready evidence for regulatory reviews and supports AI governance, fairness, and accountability practices. 

 

FAQs about model risk management (MRM) 

 

MRM applies to financial, analytical, and AI models, including those used for credit, pricing, fraud detection, forecasting, and machine learning applications.

Model risk management typically involves collaboration between data science, risk management, and compliance teams, with oversight from internal audit and governance committees.

MRM complements AI governance by ensuring AI models are transparent, validated, and aligned with regulatory and ethical standards.

