SR 26-2 Briefing for Banks Over $30 Billion

Strategic Briefing

April 2026

SR 26-2 updates the model risk management framework that has shaped supervisory expectations since SR 11-7 and OCC 2011-12. For banking organizations over $30 billion in assets, the revised guidance remains directly relevant, but the tone, scope, and operational expectations have changed.

This briefing explains the major shifts introduced by the revised interagency guidance, including the move toward a more principles-based framework, the softened approach to validation independence, the narrowed model definition, and the need for a separate governance construct for generative and agentic AI.

What the Briefing Covers

The briefing is designed for model risk management, compliance, risk, and governance leaders at larger banking organizations. It highlights what has changed, what remains unchanged, and where institutions should focus first as examiner expectations evolve under the revised framework.

It also outlines a practical 60-to-90-day roadmap for policy updates, inventory re-scoping, validation methodology changes, AI governance, vendor risk review, and board-level communication.

Key Topics

• What changed from SR 11-7 to SR 26-2
• Why institutions over $30B remain squarely in scope
• Validation independence and effective challenge
• New vocabulary around materiality, exposure, purpose, and aggregate risk
• Generative and agentic AI governance gap
• Recommended actions for the next 90 days

Access the Full Briefing

View the full briefing for the complete analysis, operational implications, and recommended near-term actions for banking organizations over $30 billion in assets.