KYE Model & Risk-Data Governance Pack™ — provable model authority & risk-data lineage for SR 11-7, SS1/23 & BCBS 239.
Banks now run AI/ML models inside decisioning and risk aggregation — and supervisors demand the work be provable when they ask. KYE Protocol™ governs the authority and evidence of model-driven decisions and risk-data flows and proves it for the supervisor: which exact model version produced the number, who validated and approved the model and until when, whether the decision stayed within the model’s approved bounds, whether the model change was a named-authority decision with evidence, and whether the risk report’s data lineage — every source, every transformation, every embedded model output — is provable end-to-end with a signed, replay-provable Evidence Pack™. KYE Protocol™ governs whether the model-driven work may proceed and proves how it came into existence — it does not build or validate the quantitative models, compute capital or liquidity ratios, judge model quality, or advise on portfolio composition. It is not investment advice.
The model produces the number — and the decision, the model change, and the risk report are the moments accountability concentrates.
Credit models, valuation models, AI/ML classifiers, and automated risk aggregation pipelines now feed consequential decisions and the reports boards and supervisors rely on. The high-value problem is not the model mathematics — it is the action boundary and its supervisory defensibility. Four facts converge:
- The consequential moment is the decision, the model swap, and the filed report — not the model run. A model output in a notebook is inert; a credit decision committed, a recalibrated model switched into production, or a risk number filed to the board is consequential. When the supervisor asks which model produced this number and who approved it, the answer must be derivable, not assembled after the fact.
- The untraceable-model-output problem is now a supervisory finding. Fed SR 11-7 and PRA SS1/23 require every reliance to trace to a validated, in-scope, inventoried model. KYE Protocol™ refuses any output whose model version or validation reference does not resolve against the model register — an untraceable model output never proceeds.
- The risk report’s lineage must be provable. BCBS 239 Principles 3, 4, and 6 demand accuracy and integrity, completeness, and reconstruction on demand. KYE Protocol™ binds every risk report to its data-lineage evidence chain — sources, transformations with actor and timestamp, embedded model outputs by version, and an integrity hash — before it is filed or relied on.
- This is a governance wedge, not a model stack. KYE Protocol™ does not compete with the bank’s quant teams, validation function, risk engines, or data platforms. It governs the action boundary they feed — the validated-use + named-authority + lineage + provenance-pin layer the model-risk ecosystem currently lacks.
Survives an examiner’s spot check, an internal-audit trace, or a skilled-person review — register-resolved, lineage-bound, and derivable from public keys alone.
- No untraceable model outputs, by construction. Every model-driven number, classification, or recommendation that proceeds toward a consequential decision must carry a resolvable provenance pin — model_id, exact version, validation reference in force. An output whose pin does not resolve against the model register is refused at the action-admissibility gate and never proceeds.
- Model use is authority-bound. A consequential decision may rely only on a model with a current validated status, used within its approved scope, under a recorded named-authority decision. A lapsed validation or an out-of-scope use is refused and routed dual-channel to the named model owner.
- Model changes are named-authority decisions. Every re-estimation, recalibration, AI/ML retrain, or production model swap takes effect only with the from/to versions, rationale, revalidation outcome or interim-use restriction, and the named model risk officer recorded — the silent-recalibration failure mode is refused.
- Risk-report lineage, sealed. Every board pack and regulatory risk return binds to its data-lineage evidence chain — sources, every transformation with actor and timestamp, embedded model outputs by version, integrity hash as assembled — reconstructable and valid at T=0, derivable from published keys alone, retained under WORM.
- Restructuring actions conform to declared policy. A portfolio restructuring action proceeds only when the declared regulatory and internal-policy obligations are satisfied and the basis recorded. Bound to Fed SR 11-7, PRA SS1/23, and all 14 BCBS 239 principles — each with a 90-day attestation cadence.
Every consequential model-driven action — authority-bound and evidenced at the action boundary.
One coherent spine governs three specializations — model-risk-management, risk-data-aggregation, and risk-reporting — with no parallel packs. Each model-driven output, model change, or risk report that moves toward a consequential action flows through the same five rules, on the canonical KYE Protocol™ envelopes.
- 1 — Output proposed. A model produces a score, valuation, classification, or recommendation that begins to move toward a consequential decision, a model version change is proposed, or a risk report moves toward filing.
- 2 — Authority + register check. The Action Admissibility™ Gate verifies the model register entry (current validated status, approved scope), the named authority under which the action proceeds, and that the provenance pin resolves, under the §25 Edge Governance Safety Floor. No validation, out-of-scope use, or unresolvable pin = no action.
- 3 — Lineage recorded. Every risk report carries its bound data-lineage evidence chain — source data assets, every transformation with actor and timestamp, embedded model outputs by model_id + version, integrity hash as assembled — before it proceeds.
- 4 — Evidence Pack™ sealed. The runtime emits kye.purpose.request.v1 + kye.purpose.admissibility.v1 + kye.evidence.decision_map.v1 + kye.evidence.pack.v1 + kye.replay.context_seal.v1 in lockstep, binding the authority, the register resolution, the lineage, and the provenance pin into a signed, replay-provable, WORM-retained Evidence Pack™ — reconstructable for an examiner, internal audit, or a skilled-person review.
Bound to the model-risk and risk-data supervisory perimeter.
The pack binds the canonical KYE™ artefact set to the model-risk and risk-data perimeter. Every claim resolves to a control row on the bound framework — the three regimes are consumed by the rule pack, never re-mapped (honest scope: KYE™ maps only the authority / evidence / lineage slices, and cedes the quantitative model work, the capital mathematics, and the portfolio judgment to the bank’s own quant, risk, and validation teams).
| Framework | Control area | Pack coverage |
|---|---|---|
| Fed SR 11-7 / OCC 2011-12 | Validated-model use authority, model change control, decision traceability to model version & validation, policy controls on use | partial |
| PRA SS1/23 (Principles 1–5, incl. AI/ML) | Model inventory resolution, named SMF accountability, use within approved scope, validation-status binding, mitigants & restrictions enforced | partial |
| BCBS 239 (all 14 principles mapped) | Risk-report lineage (P3/P4/P6), traceability + cadence + distribution evidence (P7/P10/P11), named authority on the report (P1) | partial |
Honest scope. KYE Protocol™ governs the authority, register resolution, lineage, provenance, and evidence of the model-driven action at the action boundary — whether the work may proceed and how it came into existence, so it is provable when the supervisor asks. It does not build or validate the quantitative models, compute capital or liquidity ratios, judge model quality, render the validation opinion, or advise on portfolio composition — it is not investment advice. Partial coverage means the bound surface satisfies the authority / evidence / lineage slice of the control area when paired with the bank’s own quantitative and validation work. KYE™ complements the bank’s quant, risk, and validation teams and their model stack — it does not compete with them.
Qualified financial-services partners — apply through the Foundry.
The KYE Model & Risk-Data Governance Pack™ is a §68 sector product productised through the KYE Sector Pack Foundry™ Build tier, with Starter, Enterprise, and Regulated commercial tiers; commercial distribution is value-based, qualification-gated, and disclosed under NDA to qualified applicants.