SR 11-7 — Model Risk Management.
Issuer: U.S. Federal Reserve / OCC / FDIC · Year: 2011 · Source: official text →
Scope: Banking — model risk management for all regulated banking organisations supervised by the Federal Reserve, OCC, and FDIC.
What KYE Protocol™ supplies
SR 11-7 demands documented model inventory, governance, monitoring, and independent validation for every model used in critical decisions. KYE Protocol™ supplies the runtime artefacts every paragraph of SR 11-7 expects: model identity (Entity Engine), authority + purpose (Authority + Purpose engines), evaluation logs (Decision Engine), and replayable audit chain (Evidence + Replay engines).
Per-clause control mapping
| SR 11-7 clause | KYE Protocol™ binding |
|---|---|
| §III — Model inventory + identification | Entity Engine — every model entity has a KYEID and an authority graph. |
| §IV — Effective challenge / independent validation | Decision Engine + Scenario Engine — every decision is bound to a signed Decision Map™; Scenario Engine provides counter-factual replay. |
| §V — Documentation + change management | Operating Model + Rules Engine + signed transitions; every model change emits a signed state-transition event. |
| §V — Outcomes analysis + ongoing monitoring | Drift Cascade™ + Reconciliation Engine™ — drift events are detected and routed to signed revocation events; reconciliation runs declared-vs-deployed bijection. The cascade propagation construction is part of the patent track and is not disclosed in this repository. |
| §VI — Model risk governance + roles | GovernedUI Action Approval + Critical Point Review modules; two-person + two-person-with-legal approval modes. |
| §VII — Internal audit + external audit accessibility | Replay Proof™ + Evidence Pack™ — replayable offline by independent auditors using only the publisher's JWKS. |
Every binding above resolves to a canonical KYE Protocol™ artefact (engine, schema, audit event, or patent claim). The full per-control register is published in the conformance repo at github.com/KYE-Protocol/app/tree/main/internal.
What an auditor / regulator gets
- Replay Proof™ — re-derive any decision offline using only the publisher’s published JWKS. No back-channel to KYE™ project.
- Evidence Pack™ — sealed, signed, replayable container of decisions + bound rules + audit-chain anchors.
- Conformance Pack — 133-fixture black-box test suite; signed
kye.conformance_report.v1envelope. - Audit Chain — per-tenant WORM-anchored audit chain; the specific multi-tier immutability construction is part of the patent track and is not disclosed here.
- Compliance Attestation — per-framework signed
kye.compliance.attestation.v1envelopes (90-day cadence).
Adjacent paths
- All frameworks — the framework catalogue (this is a deep-dive).
- For regulators — what supervisors see.
- For auditors · Onboard your firm
- Whitepaper — the technical foundation.
- Apply for a regulated-pilot — banking-grade scoped engagement.