Key Regulations
Consider a financial institution with an advanced credit scoring AI model. Technically it works great, but during an audit regulators ask: where's the documentation? How was validation done? Who approved the changes?
The team does not have clear answers to these questions. The AI model isn't shut down because it is inaccurate; it is shut down because it is noncompliant.
Regulations aren't optional. They decide whether a model stays in production or not. Three key regulatory anchors for AI model validation:
SR 11-7
Basel Principles
EU AI Act
What is SR 11-7?
This supervisory guidance was issued in 2011 by the U.S. Federal Reserve and the OCC (Office of the Comptroller of the Currency). It was initially aimed at banks, but is now influential across industries. SR 11-7 requires three things:
Independent validation - the team validating the AI model cannot be the same team that built it.
Documentation - must be complete; every assumption, data source and method must be explained
Continuous monitoring - must be ongoing, with back testing, benchmarking and reviews
The key takeaway here is that AI models are treated as risk assets, not just technical tools.
What are the Basel Principles?
These were issued by the Basel Committee on Banking Supervision and are designed to protect financial stability. Their emphasis is on governance. Senior management and boards must be accountable for AI model risk.
Stress testing assesses how AI models perform under extreme but plausible conditions. Oversight must be clear, with evidence of escalation and corrective action when problems arise.
Basel takes a system-level view; if one bank fails at managing AI model risk, the impact can spread.
What is the EU AI Act?
This is more recent (2024) and applies across industries, not just banking. It classifies AI systems by risk levels. For high-risk AI systems, like credit scoring, medical models or hiring, organisations must provide:
Transparency - explain how the system works
Human Oversight - humans must review and intervene
Documentation - detailed logs and audit trails are required
Even outside of Europe, many global companies are preparing to comply with the EU AI Act, as it is setting the gold standard for AI governance.
Comparing Frameworks
| SR 11-7 | Basel Principles | EU AI Act |
|---|---|---|
| Independence | Governance | Transparency |
| Documentation | Accountability | Oversight |
| Monitoring | Stress Testing | |
Together they reinforce one message: validation isn't just technical testing, it's proof of governance, accountability and trust.
Mini Case Studies
SR 11-7 in action: A credit risk AI model
A mid-sized bank develops a machine learning model to assess credit risk. To comply with SR 11-7, the bank assigns a separate in-house internal audit team to validate the model, ensuring independence from the development team.
The validators document every assumption, data source and algorithmic choice in a model card. They also implement a monitoring protocol that includes monthly back testing and performance benchmarking.
When regulators review the AI model, the bank is able to demonstrate full compliance with SR 11-7's requirements for independence, documentation and ongoing monitoring.
Basel Principles and EU AI Act: AI model in hiring
A multinational company uses an AI system to screen job applicants. Under the Basel Principles, the board is briefed quarterly on AI model risks. HR leadership is accountable for oversight. Stress testing is performed to assess how the AI model performs under different applicant pool scenarios, including underrepresented groups.
To meet EU AI Act standards, the company classifies the AI model as high risk. It provides candidates with information on how the model works, ensures a human review of final decisions and maintains audit logs of all screening outcomes.
This dual compliance approach strengthens governance and builds trust with customers.




