shieldTrust: T1, T2expand_more

scheduleSince: any timeexpand_more

eventAs of: Liveexpand_more

sortSort: Relevanceexpand_more

CJ

What are the model risk management requirements under SR 11-7 for our credit scoring model, and which apply before we can promote CS-204 to production?

neurology

AveryVirtual expert

SR 11-7 frames model risk management around three pillars: robust model development, ongoing validation, and governance with clear accountability. For CS-204, the controls that gate production sit in the first two pillars.

An independent validation covering conceptual soundness, outcomes analysis, and monitoring design is required prior to deployment, performed by staff independent of model development. Development documentation must let a third party reproduce the model without recourse to the developers.

Because CS-204 informs consumer credit decisions, fair lending testing and a documented effective challenge record should be attached to the validation package. Your MRM policy also requires Tier-1 models to carry a board approved risk rating, which CS-204 currently lacks.

account_treePremise chain

CS-204 is classified a Tier-1 model under MRM policyT1

Independent validation is required before productionT1

Tier-1 models require a board-approved risk ratingT2

CS-204 has no board-approved rating on fileT1

privacy_tipOne identifier was redacted by your base policy. For an authorised task, declare a purpose to access it; the exemption is recorded.

verified_user

Validity warrant issued

2026-06-17 09:42 · WRNT-204-7 · requested by CJ (RM), in policy

Warrant scope:

This answerConversationDecision

CJ

Who has to sign off the validation, and can development staff do it?

neurology

AveryVirtual expert

Sign-off must come from a validation function that is independent of model development. Developers may support the exercise but cannot own the validation conclusion or the effective-challenge record.

verified_user

Validity warrant issued

2026-06-17 09:44 · WRNT-204-8

View warrantchevron_right

attach_fileAttach from Vault⏎ send · ⇧⏎ newline

search

Filters and sort are in the header.

Preview state:

ResultsLoadingEmptyError

142 resultspage 1 of 12

gavel

SR 11-7: Guidance on Model Risk Management

gavelFederal Reserve · Regulation · pp. 3–7

…validation should be performed by staff who are independent of model development, covering conceptual soundness, ongoing monitoring, and outcomes analysis…

Why relevant: directly defines the independent-validation requirement and who may perform it.

T1 authoritativerelevance 0.962024-11Open originalopen_in_new

rule

Independent Validation Standard MRM-STD-02

ruleInternal · Policy · §4.2

…the scope of an independent validation shall include benchmarking, replication where feasible, and an assessment of requirements for ongoing monitoring…

Why relevant: your internal standard operationalising the regulator's expectation.

T2 reliablerelevance 0.912025-02Open originalopen_in_new

description

OCC Bulletin 2011-12

descriptionOCC · Regulation · supervisory

…supervisory expectations for validation activities, including effective challenge by parties independent of the model owners…

Why relevant: companion supervisory guidance reinforcing effective challenge.

T1 authoritativerelevance 0.882024-09Open originalopen_in_new

menu_book

Outcomes Analysis Playbook

menu_bookInternal · Method · v2

…operational guidance for the validation team performing outcomes analysis and back-testing…

Why relevant: method-level detail, useful but not authoritative on requirements.

T3 contextualrelevance 0.792025-01Open originalopen_in_new

CJ

Map EU AI Act Articles 9–15 obligations to our internal model-risk controls and flag any requirements we do not yet cover.

travel_explore

AveryDeep research

helpClarified before starting

Which articles are in scope?Art. 9–15 (risk, data, documentation, transparency, human oversight)

What output do you want?A control-mapping table plus a list of gaps

How deep, and which sources?Standard depth · prefer T1 and T2 · internal policy first

account_treeReasoning plancaptured and preserved with this inquiry

check1 · Plan. Broke the objective into seven sub-questions, one per article cluster.0:08

check2 · Initial search. Retrieved the EU AI Act text and 38 internal control and policy sources.0:51

check3 · Reflect. Assessed coverage and trust tier; two clusters were thin on internal evidence.1:20

check4 · Follow-up. Ran four targeted searches for human-oversight and record-keeping controls.2:05

check5 · Synthesise. Aligned each obligation to a control and flagged the unmapped ones.2:48

progress_activity6 · Improve. Running a sub-plan to confirm the two gaps are not covered elsewhere.71%

7 · Choose format. Mapping table plus gap list, as requested.queued

8 · Produce output. Render the report and issue a validity warrant.queued

Draft, updating as the run completes. Articles 9–15 map cleanly onto existing model-risk controls in most areas. Two obligations have no current internal control and are flagged below.

EU AI Act obligation	Internal control	Status
Art. 9 · Risk management system	MRM-STD-01 model risk framework	Mapped
Art. 10 · Data and data governance	DATA-GOV-03 data quality and lineage	Mapped
Art. 11 · Technical documentation	CS-204 development record v4	Mapped
Art. 12 · Record-keeping and logging	—	Gap
Art. 13 · Transparency to deployers	MODEL-CARD-02 disclosure pack	Mapped
Art. 14 · Human oversight	—	Gap
Art. 15 · Accuracy and robustness	MRM-STD-02 validation standard	Mapped

Two gaps to close. Article 12 needs a defined automatic logging and retention control for the model's decisions, and Article 14 needs a documented human-oversight procedure for the credit-decisioning use of CS-204.

verified_user

Validity warrant issued on completion

RES-118 · pending final step

Preview warrantchevron_right

attach_fileAttach from Vault⏎ send · ⇧⏎ newline

hubRelated topicsdownloadexpand_more

tagTag cloudexpand_more

descriptionSources4expand_more

gavel

SR 11-7 Guidance on Model Risk Management

Regulation · Federal Reserve · p.3–7

open_in_new

rule

Independent Validation Standard

Policy · Internal · MRM-STD-02

open_in_new

description

CS-204 Model Development Record v4

Procedure · Internal · p.11

open_in_new

layers

MRM Policy — Tiering & Ratings

Policy · Internal · POL-MRM-01

open_in_new

publicSites3expand_more

verified

federalreserve.gov

T1 · 2 documents

open_in_new

verified

occ.gov

T1 · 1 document

open_in_new

corporate_fare

intranet · risk.internal

T2 · 3 documents

open_in_new

T1 authoritativeT2 reliableT3 contextualT4 unverified

tuneQuery scope and filtersexpand_more

Knowledge baseRisk & Compliance KB · PROD

Trust tiersT1, T2

As ofLive

FreshnessAny age

Drawn from

Licensed (partner)2

Organisation1

External vetted1

Personal files0

account_treeReasoning planexpand_more

checkParsed the question and scope

checkSearched the knowledge base

checkSelected top 5 by relevance and tier

checkSynthesised the answer

checkIssued a validity warrant

Captured and preserved with this inquiry.

Context

Vault

Your private materials · 1,204 files · 3.8 GB

0 selected

Name	Abstract	Type	Origin	Status	Visibility
description CS-204_Dev_Record_v4.pdfModel risk · Procedure auto · change validationSR 11-7model risk	Development record for the CS-204 credit-scoring model: data, methodology, performance testing, and limitations.	PDF	Uploaded	check_circleIndexed	groupsShared	visibilityOpen file open_in_newOpen original folder_openShow in folder categoryReclassify type… shieldAdjust tier… labelEdit tags drive_file_moveMove to collection groupsManage sharing deleteRemove
rule Fair_Lending_Protocol_draft.docxCompliance · Policy auto · change fair lendingconsumer credit	Draft protocol for fair-lending testing of consumer-credit models, including disparate-impact analysis.	DOCX	Crawled	check_circleIndexed	how_to_regNominated	how_to_regApprove to collection visibilityOpen file folder_openShow in folder categoryReclassify type… shieldAdjust tier… labelEdit tags groupsManage sharing blockReject
dataset Validation_backlog_Q2.xlsxMRM · Reference auto · change validationbacklog	Quarterly tracker of models awaiting validation, with owners, due dates, and tiering.	XLSX	Crawled	progress_activityProcessing	lockPrivate	visibilityOpen file folder_openShow in folder categoryReclassify type… shieldAdjust tier… labelEdit tags groupsManage sharing deleteRemove
grid_on Risk_register_row.tmplTemplate · saved from Take action type · change templaterisk register	Reusable risk-register row mapped from an answer; fields editable before export.	Template	Saved	check_circleReusable	groupsShared	boltUse in Take action editEdit template folder_openShow in folder labelEdit tags groupsManage sharing deleteRemove

File	Stage	Status	Detail
Validation_backlog_Q2.xlsx	Embedding	progress_activityProcessing	step 5 of 7
Vendor_pack_2024.ziparchive with macros	Security scan	gpp_badQuarantined	Embedded / active code detected	visibilityView scan report verified_userMark safe & reprocess restart_altReprocess deleteDiscard
policy_scan_p47.pdfscanned PDF	Parse / OCR	errorError	OCR could not read 3 pages	restart_altRetry OCR upload_fileReplace file deleteDiscard
vendor_brief.htmlweb capture	Security scan	gpp_badQuarantined	Prompt-injection pattern	visibilityView scan report cleaning_servicesNeutralise & reprocess deleteDiscard

cloud_sync

Local Drive · /Compliance

running · 1,204 discovered · 892 indexed · 312 queued

ruleInclude: *.pdf, *.docxblockExclude: /archivelayersDepth 3 · 5k pagesgroupsShare → CompliancetuneSelection criteria

how_to_reg14 nominated for approval

public

Regulator sites · scheduled

paused · next run daily 06:00 · recursion 2

listSeeds: 6 URLsaccount_treeTopics: Model Risk, Basel IVgroupsShare → all collections

hard_drive

Local Drive · /Compliance

892 files · last sync 4m ago · auto-crawl on

cloud

SharePoint · Risk

connected · scoped to /Risk/Policies

Drives are added in one place: the Connect a drive button above. Scope, schedule, and sharing are set per drive.

Topics

Subjects you follow · drives discovery, monitoring, and News

Prudential

Basel IV1 new · 94%

chevron_right

Model Risk2 new · 90%

chevron_right

AI & Models

EU AI Act1 new · 61%

chevron_right

Suggested for you

addOperational ResilienceaddClimate Risk DisclosureaddCCAR / Stress Testing

The projection is relative to the current context. Drill into a node to focus it; the breadcrumb tracks where you are. Switch the projection type above.

News

Updates from your monitored topics · Today

0 selected

EUR

EU AI Act T1 source

Delegated act on high-risk AI classification published

European Commission·2h ago

Abstract: The Commission sets the criteria and conformity steps for high-risk AI systems, tightening how credit-decisioning models are classified and what evidence must accompany them before deployment.

Why relevant: affects how CS-204 is classified; 4 sources in AI Governance may need re-validation.

Suggested inquiries

question_answerDoes this reclassify CS-204?question_answerWhich controls need re-validation?

OCC

Model Risk T1 source

OCC signals refresh of model risk management expectations

OCC·Yesterday

Abstract: The OCC flags a forthcoming update to supervisory expectations for model risk, with emphasis on validation independence and ongoing monitoring cadence.

Why relevant: touches your most-cited branch; may change validation cadence.

IND

Model Risk T3 source

Industry blog: practitioners debate validation independence

RiskBlog·2 days ago

Abstract: A practitioner roundup of how firms staff and scope independent validation, with varied interpretations of who may sign off.

Why relevant: contextual only, not authoritative. Use Open case to Steward to request this source be vetted.

Dismissed stories are kept in When → Dismissed and on the source's history, so a source is never silently dropped.

Cases

Issues and help requests raised to the Steward

CASE-204 · Fair lending source disputed

hourglass_topTriageSource dispute·2m ago

CASE-198 · Benchmarking gap escalation

errorOpenData gap·1h ago

CASE-191 · GDPR Art. 22 interpretation

check_circleResolvedHelp request·3 days ago

Curation queue

Approve, hold, or re-source what is waiting · changes preview before they commit

Waiting

7

trending_down5 resolved

User suggestions

3

trending_up+1

Open gaps

23

north_east2 new

Conflicts

4

north_east1 new

Suggested by userCJ · 2m ago

Add “Fair Lending Testing Protocol” to Model Risk → Validation and promote to T2.

Gappriority · high

Benchmarking has only 3 sources and no verified methodology. Pre-staged candidate: BIS benchmarking note (T1).

ConflictModel Risk · Validation

SR 11-7 guidance (T1) conflicts with an internal working note (T3) on who may sign validation. The T3 note is decaying.

Veracity gatebelow threshold · corroboration

vendor_brief.pdf fell below the corroboration threshold and is held out of the base.

Revalidationrequested by user

occ.gov flagged as possibly stale. Last validated 94 days ago.

Coverage

Declared, observed, and available coverage on each managed dimension

Coverage

87%

trending_up+4.2 pts

Declared dimensions

6

radargeography, framework…

Thin areas

3

north_eastAI Gov, AML

Decaying items

12

trending_downrefresh due

Coverage radardownload

Observed against declared, per dimension

Observed Declared

Branch coverage

Trust-tiered source coverage per branch

Capital & LiquidityBasel III / IV

94%

Model Risk MgmtSR 11-7 / OCC

90%

Data PrivacyGDPR / CCPA

88%

Financial CrimeAML / KYC

72%

AI GovernanceEU AI Act

61%

Causal graph

Claims sized by epistemic gravity, coloured by trust tier

Claims

1,284

trending_up+36

Load-bearing

38

fitness_centerhigh gravity

Conflicts

4

north_east1 new

Decaying premises

12

trending_downrefresh due

Claim graph

Node size is gravity; colour is trust tier

T1T2T3T4

Beliefs

Managed premises, revise or untrust with preview

Validation must be independent of developmentT1

Developers may not sign the validation conclusionT1

A peer reviewer may sign in small teamsT3

Sources

Source health, trust tier, freshness, and validity

Sources

503

trending_up+18

T1 / T2

412

shield82%

Stale

21

schedulerefresh due

Unreachable

3

link_offre-source

Source	Tier	Last validated	Status
federalreserve.govSR 11-7 model risk guidance	T1	3d ago	check_circleCurrent
occ.govModel risk expectations	T1	94d ago	scheduleStale
intranet · risk.internalInternal working notes	T3	120d ago	trending_downDecaying
vendor-portal.exampleVendor methodology pack	T2	unreachable	link_offUnreachable

Recipe

Knowledge as code: the base defined, versioned, validated, and promoted

Recipe as coderecipe.yaml

Declarative and version-controlled

scope:
  domain: Risk & Compliance
  dimensions: [geography, framework, time, sector, authority, topic]
sources:
  - id: fed-sr-11-7
    tier: T1
    monitor: weekly
  - id: occ-mrm
    tier: T1
    monitor: weekly
collection:
  web: exa + google_grounded
  intranet: crawl4ai
  exclude: [/archive, opinion-blogs]
governance:
  veracity_gate: 0.7
  pii_detect: on_ingestion
  pii_default: redact
  pii_purposes: [kyc, onboarding]
  warrant: on_answer

Components

Navigate and edit the same recipe

tuneScope & dimensions6 dimensions

chevron_right

inventorySources503 · T1 188

chevron_right

cloud_syncCollectionweb + intranet

chevron_right

monitor_heartMonitoringweekly

chevron_right

shieldGovernancegate 0.70 · PII detect + redact

chevron_right

Version history

Each revision is a commit; roll back if needed

Revision	Change	By
v14draft · main	EU AI Act monitoring + tier rules	CJ
v13PROD	Added BIS benchmarking source (T1)	A. Reyes
v12	Tightened veracity gate to 0.70	CJ

Promotion

Move this recipe along the environment path

DEV · v14arrow_forwardUAT · v14arrow_forwardPROD · v13

Promotion is preview-first: a recipe diff is shown, approval is required, and the apply writes a warranted audit entry. Environments are managed under Admin.

Agents

Background agents and the loops that keep the base full and honest · no content shown

Active agents

14/16

bolthealthy

Queue depth

312

trending_down-44

Ingest rate

1.2k/min

trending_upsteady

Errors (1h)

3

trending_downcontained

Background agent	State	Instances	Autonomy	Budget	Throughput
discovery-webCandidate sources · scales out	autorenewRunning	×3	L1 · approve writes	$2.10 / $10	48 found
ingest-webCollect and parse accepted sources · scales out	autorenewRunning	×4	L1 · approve writes	$3.40 / $12	126 in flight
process-embedChunk, type, embed, write · scales out	autorenewRunning	×6	L2 · auto	$1.40 / $6	1.2k/min
crawler-localVault drive ingestion	autorenewRunning	×1	L2 · auto	$0.80 / $8	312 queued
coordinatorLoop oversight	autorenewRunning	singleton	supervisor	n/a	6 loops
review-inconsistencyConflicts and decay	how_to_regAwaiting approval	×1	L0 · propose only	$0.30 / $5	4 proposals

Jobs & schedules

Scheduled and triggered work, and retention

Running jobs

7

bolthealthy

Scheduled

12

schedulenext 06:00

Failed (24h)

2

trending_downretried

Retention

365d

lock_clockwarrants ∞

Schedule	Trigger	Cadence	Last run	Status
Regulator site monitor	cron	daily 06:00	today 06:00	check_circleOK
Decay revaluation	cron	nightly	02:00	check_circleOK
Vault drive sync	event	on change	4m ago	autorenewRunning
Warrant chain checkpoint	cron	hourly	:00	errorRetried

Budgets & circuit breakers

Caps that trip loudly, token budgets, and autonomy levels

Daily spend

$48

paymentsof $120 cap

Breakers tripped

0

check_circlenominal

Retraction cap

25/day

undo6 used

Cascade depth

4

account_treemax

Circuit breakers

Trip loudly and pause the pool

Daily spend$48 of $120

40%

Retractions6 of 25

24%

Cascade depth3 of 4

75%

Error ratecontained

12%

Autonomy & budgets

Per-agent authority and token budget

Default autonomy level

discovery-web$10 / day

L1

crawler-local$8 / day

L2

review-inconsistency$5 / day

L0

Access & personas

Relationship-based access, scoped per knowledge base, for people and agents

Users

86

trending_up+4

Stewards

7

account_tree2 bases

Agent tokens

11

keyscoped

Pending

2

hourglass_emptyinvites

Principal	Knowledge base	Persona	PII mode	Status
Chris Jacksonperson · SSO	Risk & Compliance	User + Steward	Redact	check_circleActive
A. Reyesperson · SSO	Risk & Compliance	Auditor	Block	check_circleActive
copilot-token-04agent · scoped token	Risk & Compliance	Explore (read)	Redact	check_circleActive
j.okafor@person · invited	Markets & Treasury	User	Redact	hourglass_emptyPending

Knowledge bases

One installation, many bases, per-user access

database

Risk & CompliancePROD

503 sources · 1,284 claims · 86 users · shared pool

check_circleHealthy

database

Markets & TreasuryPROD

214 sources · 540 claims · 31 users · isolated

check_circleHealthy

science

SandboxDEV

42 sources · 110 claims · 5 users · shared pool

buildBuilding

Environments

Promote recipe code from development to production, backed by a git repository

Environments

3

lanDEV · UAT · PROD

Recipe version

v14

commitmain

Pending promotions

1

north_eastUAT → PROD

Drift

0

check_circlein sync

Environments

Recipe version deployed in each

Environment	Recipe	Knowledge bases	Status
DEVdevelopment	v14 · main	Risk & Compliance, Sandbox	check_circleCurrent
UATacceptance	v14 · release/14	Risk & Compliance, Markets & Treasury	check_circleCurrent
PRODproduction	v13 · tag v13	Risk & Compliance, Markets & Treasury	north_east1 behind

Recipe repository

Recipes are versioned as code

hubgithub.com/acme/corvair-recipes

main

commitv14: add EU AI Act monitoring + tier rules

2h ago

check_circleCI: recipe validated, 0 errors

verifiedPassing

Promotion pipeline

Move a validated recipe along the path; each promotion is recorded

DEV · v14arrow_forward UAT · v14arrow_forward PROD · v13

Promotions are preview-first: the recipe diff is shown, approval is required, and the apply writes a warranted audit entry. Rollback returns the environment to the previous tag.

Validity warrants

Signed, replayable records: read, verify, and export

Warrants (30d)

1,942

trending_up+128

Verified

1,942

check_circle100%

Failed verify

0

verified_userchain intact

Exported

37

outboxto reviewers

Warrant	Subject	Requester & bounds	Issued	Status
WRNT-204-7	INQ-204 · answer	CJ (RM) · person · in policy	06-17 09:42	verifiedVerified
WRNT-204-9	INQ-204 · decision	CJ (RM) · person · in policy	06-17 09:51	verifiedVerified
WRNT-188-2	KYC lookup · PII access	onboarding-svc · agent · authorised mode	06-17 08:20	verifiedVerified
WRNT-176-5	Deep research RES-118	CJ (RM) · person · in policy	06-16 17:03	verifiedVerified

Framework crosswalks

Coverage against a reporting framework, requirement by requirement

grid_onFramework: SR 11-7

Requirements

42

checklistSR 11-7

Covered

36

trending_up86%

Disclosure gaps

6

north_east2 high

Last reviewed

3d

historyA. Reyes

Requirement	Mapped evidence	Coverage
Independent validation	SR 11-7 §3 · MRM-STD-02	Covered
Ongoing monitoring	MRM-STD-02 §4 · monitoring plan	Covered
Effective challenge record	EC committee memo	Covered
Benchmarking methodology	3 sources, none verified	Gap
Outcomes analysis cadence	partial · internal note (T3)	Gap

Conflict map

Contradictions, single-source dependencies, and decaying premises

Conflicts

4

north_east1 new

Unresolved

3

pendingin triage

Single-source

9

linkdependencies

Decaying

12

trending_downpremises

ConflictModel Risk · Validation

SR 11-7 (T1) requires independent validation; an internal working note (T3) permits a peer reviewer in small teams. The T3 premise is decaying.

Single-sourceBenchmarking

Benchmarking methodology rests on a single unverified source. No corroboration.

Decayingocc.gov · 94d

A load-bearing premise depends on a source last validated 94 days ago.

Validity landscape

Trust and decay across the base, as terrain

eventAs of: today

High validity

71%

trending_upstable

At risk

17%

scheduledecaying

Low / flagged

12%

north_eastreview

Snapshot

live

replayreplayable

Decay terraindownload

Height is validity; lower areas are decaying

Decaying premises

Load-bearing items losing confidence

occ.gov MRM94d since validation

48%

Internal note120d

30%

Vendor packunreachable

10%

Settings

Your profile, knowledge bases, notifications, and defaults

Profile & preferences

How you appear and your defaults

Name

Chris Jackson

Email

ckjackson@corvair.ai

Language

Locked to English in this release

Interface language

EnglishlockOthers

Response language

EnglishlockOthers

Interface and answer language are fixed to English for now. Additional languages will unlock these settings.

Appearance

Theme, text size, and answer defaults

ThemeMatch the workbench (light / dark toggle in the top bar)

Text size

CompactDefaultLargeLarger

Default answer format

MarkdownExecutiveOutline

Knowledge bases & drives

What you are connected to

Risk & CompliancePROD

Markets & TreasuryPROD

Notifications & digest

Background jobs and news

Background job completion

Monitored news

Privacy & PII

Governed by your base policy and role · set by your steward and administrator

Default handling for your roleRedact

Detection on ingestionOn · set in the recipe

Purposes you may declareKYC, Onboarding

You cannot change these here. Detection and the redact, block, or allow policy are configured by your steward during base setup and granted per role by your administrator. Where your role permits, you declare a purpose at the point of use; the exemption applies to that one task and is recorded in the warrant.

Access & sign-in

Identity and connected tools

Single sign-onOkta · connected

check_circleActive

Personal access tokenfor MCP / API

Executive summary

Outline

No results in scope

Search could not complete

Executive summary

Outline

Vault

Topics

News

Cases

Curation queue

Coverage

Coverage radardownload

Branch coverage

Causal graph

Claim graph

Beliefs

Sources

Recipe

Recipe as coderecipe.yaml

Components

Version history

Promotion

Agents

Jobs & schedules

Budgets & circuit breakers

Circuit breakers

Autonomy & budgets

Access & personas

Knowledge bases

Environments

Environments

Recipe repository

Promotion pipeline

Validity warrants

Framework crosswalks

Conflict map

Validity landscape

Decay terraindownload

Decaying premises

Settings

Profile & preferences

Language

Appearance

Knowledge bases & drives

Notifications & digest

Privacy & PII

Access & sign-in

Validity warrant · WRNT-204-7

Today's digest

Digest settings

Log a case to the Steward

Add files

Reclassify document type

Tags

File

Adjust trust tier

Story

Manage knowledge bases

Add composite

Declare a purpose for PII access

Attach from Vault