Agents are not "models" under SR 11-7 but consume model outputs and produce outputs used in regulated decisions. Compound model risk is unowned.
SR 11-7, the Federal Reserve's Guidance on Model Risk Management, defines the scope of model risk management frameworks. A "model" under SR 11-7 is a computational representation of a real-world process that uses mathematical or statistical techniques to estimate relationships among variables. Models used in regulated decisions (credit decisions, fraud detection, trading, etc.) fall under SR 11-7 governance: they must be validated, monitored, and governed by a dedicated model risk team.
Autonomous agents are not models. An agent is a software system that can perceive its environment, reason about it, and take actions. An agent consumes models (invokes them via APIs), but the agent itself is not a model in the SR 11-7 sense. Therefore, agents are not explicitly covered by SR 11-7 model governance frameworks.
However, agents that consume models and produce outputs used in regulated decisions create compound model risk. The model risk team is responsible for validating the credit scoring model. But the agent risk team (or the agent governance framework) is responsible for ensuring that the agent uses the model correctly, preserves the model's assumptions, and communicates the model's outputs appropriately. When the agent team is separate from the model team (which is common in large organizations), ownership of the compound risk is unclear.
The governance gap is: "The credit model is validated under SR 11-7. The agent consumes the credit model. Who is responsible for validating that the agent's use of the credit model is sound?" In many organizations, the answer is "nobody explicitly." The model team says "We validated the model; the agent team must use it correctly." The agent team says "We are using the model as intended; the model team must ensure the model is valid." The compound risk falls through the cracks.
A large financial institution's credit underwriting process relies on a credit scoring model (validated under SR 11-7 model governance). The model has been in production for 3 years and is monitored quarterly. The model risk team has sign-off authority over the model and can require retraining or deprecation if performance degrades.
The institution deploys an agentic credit recommendation system to accelerate the underwriting process. The agent is designed to: (1) collect applicant information, (2) score the applicant with the credit model, (3) review the score in context (employment history, collateral, etc.), and (4) recommend approve or decline with a confidence level. The agentic system is deployed outside the purview of the model risk team; the chief credit officer and chief technology officer jointly approved the system.
The agent consumes the credit model but does not own the model (ownership remains with the model risk team). The agent is responsible for recommendations, not for model validation. The model risk team is responsible for model validation but not for how agents use the model.
Over time, a demographic shift occurs: more credit applications come from self-employed individuals, a demographic with irregular income patterns that the original credit model was not trained to evaluate. The model's performance degrades: AUC drops from 0.85 to 0.78. The model risk team detects this drift and flags the model for retraining.
However, the agent has already made recommendations on 5,000 applications from self-employed applicants based on the drifted model. These recommendations are not flagged or reversed; they are treated as normal underwriting decisions. The model risk team retrains the model (now including self-employed applicants in the training set), but the 5,000 prior recommendations are already in the loan portfolio.
Six months later, charge-offs on the 5,000 self-employed loans are significantly higher than on loans underwritten with the retrained model. The institution's credit losses increase. Regulators investigating the charge-off increase discover that: (1) the model drifted and the model risk team detected it; (2) an agent had been using the drifted model to make recommendations; (3) there was no process to identify and review the 5,000 prior recommendations after the drift was detected; (4) the model team and agent team did not communicate about the drift or its implications.
Regulators cite this as a model governance failure. Under SR 11-7, the institution must have controls to ensure that models are validated and that model outputs are appropriately used. The institution failed to have controls over agent use of the drifted model.
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 3 | The scope gap is a structural governance issue, not detectable through monitoring. Detection requires explicit audit of whether agent use of models is governed by the model team. |
| A - Autonomy Sensitivity | 5 | The scope gap expands as agents have more autonomy over model selection and use. |
| M - Multiplicative Potential | 4 | The scope gap affects all agent-model interactions. If there are 10 agents and 10 models, there are 100 potential unowned interactions. |
| A - Attack Surface | 5 | Any agent consuming a model is exposed. The surface grows with agent and model ecosystem maturity. |
| G - Governance Gap | 5 | This is the governance gap itself. By definition, there is a structural gap in ownership. |
| E - Enterprise Impact | 4 | The scope gap does not immediately cause failures, but it creates conditions for failures (drift propagation, version conflicts, contamination) to go undetected and unmanaged. |
| Composite DAMAGE Score | 4.2 | Critical. Requires joint governance framework bridging model risk and agent risk teams. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Human expert is responsible for appropriate model use. |
| Digital Apprentice | Medium | Limited model consumption; scope gap is narrow. |
| Autonomous Agent | High | Autonomous model use without explicit model governance. |
| Delegating Agent | Critical | Dynamic model selection and invocation without explicit scope ownership. |
| Agent Crew / Pipeline | Critical | Multiple agents, each consuming models, compound governance gap. |
| Agent Mesh / Swarm | Critical | Peer-to-peer model consumption across many agents. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| SR 11-7 | Partial | Model governance, validation, monitoring, and use | Model risk management; governance. | Agent use of models and compound model risk. |
| NIST AI RMF 1.0 | Partial | Govern function; accountability for AI systems | AI governance and accountability. | Bridging the gap between model governance and agent governance. |
| EU AI Act | Partial | High-risk AI systems: model governance | Model governance for AI. | Agent-model interactions and compound risk. |
| MAS AIRG | Partial | Domain 6: Model governance and data risk management | Model governance; data quality. | Agent-model interactions. |
| ISO 42001 | Partial | Section 8.2, Model governance | Model governance. | Agent-model interactions and scope ownership. |
| GLBA Section 501 | Partial | Safeguards for financial systems | System security and governance. | Agent-model interactions and governance ownership. |
SR 11-7 exists because models are central to regulated decision-making in financial services. Regulators have learned (through past crises) that models can fail silently and create systemic risk. SR 11-7 requires institutions to own the risk and to have governance frameworks that detect and manage model failures.
When agents consume models without explicit governance, the institution is effectively operating outside SR 11-7 scope. Regulators have made clear (in enforcement actions) that they expect institutions to govern all systems that make regulated decisions, including systems that consume models. An institution that deploys agents without extending model governance to cover agent-model interactions is violating the spirit and the letter of SR 11-7.
The regulatory response is not merely a citation; it is a demand for remediation. Regulators will require the institution to: (1) implement explicit governance for all agent-model interactions, (2) retroactively review all agent-based decisions for model-related failures, and (3) establish a governance framework that integrates model and agent teams.
SR 11-7 Scope Gap requires a joint governance framework that bridges model risk management and agent governance teams. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
Schedule a Briefing