Right-Sizing Model Risk Management

Model risk management isn’t one-size-fits-all.

On October 6, 2025, the OCC issued Bulletin 2025-26 (https://lnkd.in/diiunKRc), reminding community banks that model risk practices, including how often models are validated, should be right-sized to an institution’s complexity, resources, and risk profile.

I was glad to see the OCC explicitly say it does not expect every model to be validated every year.

I’ve long believed that a thoughtful, risk-based approach beats a blanket rule , and that perspective shapes how we work at ValuRisk Partners. While much of our work centers on independent model validations, we also help institutions set up or refine their model risk programs - creating inventories, risk-tiering frameworks, and practical validation cycles that actually make sense for their size, risk exposure and resources.

This bulletin also reflects today’s broader regulatory environment: the current administration has signaled a desire to reduce unnecessary burden on community and regional banks, and we’re seeing that show up in model risk supervision. The OCC seems to be re-emphasizing flexibility and judgment rather than a rigid “validate everything annually” mindset.

That could mean some institutions choose to lengthen their validation cycles, and while that might reduce the number of validations we see in the near term, it’s ultimately a smart, sustainable approach to model risk management.