How to use this tool: For each requirement below, rate your firm's current compliance using the R Red (not in place), A Amber (partially in place), or G Green (fully in place) buttons. When complete, click Generate Gap Report for your remediation priorities.
SS1/23 Gap Assessment Report
0Red — Not in place
0Amber — Partially in place
0Green — Fully compliant
Ready to close these gaps?
ERM Plus has pre-built all 76 SS1/23 requirements into a fully configured, audit-ready MRM framework. Most firms go from gap assessment to compliant in weeks, not months.
Principle 1 — Model Identification & Model Risk Classification
0 / 15 rated
1.1 Model Definition
Adopt PRA model definition
Approved model definition in policy
Assess deterministic quantitative methods for inclusion
Assessment criteria
Document controls for deterministic methods not classified as models
Control documentation
1.2 Model Inventory
Maintain complete and accurate model inventory
Inventory extract
Maintain firm-wide consolidated inventory
Consolidated inventory
Capture purpose, intended use, actual use, operating boundaries
Model documentation
Capture assumptions and limitations
Assumptions log
Capture validation findings, indicators, remediation actions
Validation reports
Capture governance details (owners, validators, dates, frequency)
Governance records
1.3 Model Tiering
Implement firm-wide model tiering methodology
Tiering methodology
Assess materiality using quantitative and qualitative factors
Tiering assessment
Assess complexity (data, methodology, assumptions, implementation)
Complexity scoring
Consider interpretability, explainability, transparency, bias
AI/ML risk assessment
Periodically validate tiering methodology
Validation report
Reassess tier assignments during validation
Validation evidence
Principle 2 — Governance
0 / 16 rated
2.1 Governance Structure
Establish a clear MRM governance framework
MRM governance policy
Define roles and responsibilities for all MRM stakeholders
RACI or responsibility matrix
Ensure Board oversight of model risk
Board minutes / oversight reports
Ensure senior management accountability for MRM
SMF accountability statements
2.2 Policies & Standards
Maintain a firm-wide MRM policy
Approved MRM policy
Maintain model development, validation, and use standards
Standards documents
Ensure policies cover all model types including AI/ML
Policy updates
2.3 Model Approval
Implement a formal model approval process
Approval records
Ensure independent validation before approval
Validation reports
Require approval for material model changes
Change approval logs
2.4 Model Committees
Establish model risk or model governance committees
Committee ToR
Ensure committees review model performance, issues, and risk
Committee minutes
Ensure committees challenge model owners and validators
Challenge logs
2.5 Reporting
Produce regular model risk MI for senior management
MI packs
Report model inventory, tiering, validation status, and issues
Inventory and validation MI
Escalate material model risks and breaches
Escalation logs
Principle 3 — Model Development, Implementation & Use
0 / 14 rated
3.1 Model Development
Develop models using sound, robust, and appropriate methodologies
Model development documentation
Ensure data used in development is accurate, representative, and appropriate
Data quality assessment
Document model design, assumptions, limitations, and intended use
Model design document
Ensure model performance measures are defined and justified
Performance metrics documentation
3.2 Implementation
Implement models in a controlled and governed manner
Implementation records
Ensure implementation matches the approved model design
Implementation testing evidence
Conduct implementation testing and reconciliation
Test results
3.3 Model Use
Use models only within approved scope and operating boundaries
Usage logs
Monitor model performance regularly
Performance monitoring reports
Identify and escalate model issues promptly
Issue logs
Ensure users understand model limitations and assumptions
User guidance
3.4 Model Change Management
Apply formal change management to all model changes
Change control records
Classify changes as material or non-material
Change classification evidence
Validate material changes before implementation
Validation report
Obtain approval for material changes
Approval records
Principle 4 — Independent Model Validation
0 / 17 rated
4.1 Independence
Ensure validation is independent from model development and use
Org chart / independence statement
Ensure validators have appropriate expertise and seniority
Validator competency records
Ensure validators have access to all necessary information
Access logs / evidence
4.2 Validation Scope
Validate model methodology, data, assumptions, and limitations
Validation report
Validate model implementation and coding
Implementation testing evidence
Validate model performance and outcomes
Performance testing results
Validate model use, operating boundaries, and appropriateness
Use-case assessment
4.3 Validation Frequency
Validate models at a frequency aligned to their tier
Validation schedule
Re-validate models after material changes
Change validation report
Increase validation frequency if performance deteriorates
Escalation evidence
4.4 Validation Findings
Document findings, severity, and remediation actions
Validation findings log
Track remediation actions to completion
Remediation tracker
Escalate overdue or high-severity issues
Escalation logs
4.5 Validation Standards
Maintain firm-wide validation standards
Validation standards document
Ensure validation standards cover AI/ML models
Standards updates
Principle 5 — Model Risk Mitigants
0 / 14 rated
5.1 Model Risk Mitigation
Identify and document model limitations
Limitations log
Implement compensating controls for model limitations
Control documentation
Ensure controls are proportionate to model tier
Control assessment
Monitor effectiveness of model mitigants
Mitigant performance reports
5.2 Model Monitoring
Perform ongoing monitoring of model performance
Monitoring reports
Track model performance metrics and thresholds
KPI/KRI logs
Escalate breaches of performance thresholds
Escalation logs
5.3 Model Adjustments
Apply model overrides or adjustments only when justified
Override documentation
Ensure overrides are approved by appropriate governance
Approval records
Monitor frequency and impact of overrides
Override monitoring reports
5.4 Model Decommissioning
Apply formal process for model decommissioning
Decommissioning records
Update inventory and governance records after decommissioning
Updated inventory
Ensure decommissioning does not create new risks
Risk assessment
5.5 Use of Compensating Controls
Document rationale for compensating controls
Control rationale
Review compensating controls regularly
Control review evidence