Framework · Model risk
SR 11-7 for AI and LLMs.
The Federal Reserve and OCC's guidance on model risk management treats quantitative models — increasingly, the LLMs in your workflows — as something to inventory, monitor, document, and govern. Meilynx produces the evidence that expectation requires.
Inventory, monitor, document, govern.
SR 11-7 is built on a simple expectation: a firm should know which models it runs, watch how they behave, document them well enough for independent review, and govern their use with real controls.
- A complete, current model inventory — you can't govern what you can't see.
- Ongoing monitoring of how models are used and how they perform.
- Documentation sufficient for an independent validator to review.
- Governance and controls over model access and use, with effective challenge.
Each requirement, to a control.
The mapping below is the credible core: a specific Meilynx control for each SR 11-7 expectation, and the artifact it produces.
SR 11-7 → Meilynx controls
| Requirement | How Meilynx maps | Examination artifact |
|---|---|---|
Maintain a complete inventory of models in use SR 11-7 · Governance | An SR 11-7-style model inventory is auto-populated from live proxy traffic — every model, version, and the team calling it — so the inventory reflects reality, not a stale spreadsheet. | Model inventory, generated from traffic |
Ongoing monitoring of model use and performance SR 11-7 § V | The proxy captures model, tokens, cost, latency, and governance findings on every call, with anomaly signals surfaced continuously. | Monitoring telemetry + findings log |
Controls and policy over model usage SR 11-7 § VI | Policy-as-code governs which models each team may use, with inline enforcement and role-based access — readable by the people who own the control. | Policy snapshot + access matrix |
Documentation sufficient for independent review SR 11-7 § V | A tamper-evident, hash-chained record of model use and every governance decision provides the durable documentation an independent validator or examiner can review. | Examination-ready audit trail |
Effective challenge and change tracking SR 11-7 § III | Versioned policy and an immutable record of what changed, when, and what it affected supports the effective-challenge expectation around model controls. | Versioned policy history |
Maintain a complete inventory of models in use
SR 11-7 · Governance
Maps to · An SR 11-7-style model inventory is auto-populated from live proxy traffic — every model, version, and the team calling it — so the inventory reflects reality, not a stale spreadsheet.
Examination artifact · Model inventory, generated from traffic
Ongoing monitoring of model use and performance
SR 11-7 § V
Maps to · The proxy captures model, tokens, cost, latency, and governance findings on every call, with anomaly signals surfaced continuously.
Examination artifact · Monitoring telemetry + findings log
Controls and policy over model usage
SR 11-7 § VI
Maps to · Policy-as-code governs which models each team may use, with inline enforcement and role-based access — readable by the people who own the control.
Examination artifact · Policy snapshot + access matrix
Documentation sufficient for independent review
SR 11-7 § V
Maps to · A tamper-evident, hash-chained record of model use and every governance decision provides the durable documentation an independent validator or examiner can review.
Examination artifact · Examination-ready audit trail
Effective challenge and change tracking
SR 11-7 § III
Maps to · Versioned policy and an immutable record of what changed, when, and what it affected supports the effective-challenge expectation around model controls.
Examination artifact · Versioned policy history
What you hand to a validator.
The audit trail renders into a package built around the SR 11-7 reflex — a model inventory drawn from live traffic, the controls in force, and a tamper-evident record an independent reviewer can verify.
In the package
- SR 11-7-style model inventory, auto-populated from traffic.
- Control coverage across the monitoring period.
- Versioned governance policy snapshot.
- SHA-256 integrity hash over the audit chain.
SR 11-7 and AI.
Are LLMs in scope for SR 11-7?
SR 11-7 defines a model broadly as a quantitative method that produces estimates or outputs to inform decisions. Most supervisors and firms treat LLMs used in decision-relevant workflows as models — which brings inventory, monitoring, documentation, and governance expectations into scope.
Does Meilynx validate my models?
No — statistical model validation remains your model-risk team's responsibility. Meilynx supplies the inventory, ongoing-monitoring telemetry, controls, and documentation that validation and examination depend on. It makes the evidence complete and tamper-evident; it does not replace the validator.
How does the model inventory stay current?
Because Meilynx sits inline in the request path, every model call is observed as it happens. The inventory is derived from real traffic, so a model in use cannot be missing from it — closing the gap that manual inventories leave.
See exactly what an examiner receives
Download a sample examination package — model inventory, control coverage, a governance policy snapshot, and a SHA-256 integrity hash.