Model risk management is viewed as shifting from a compliance driven function to a strategic capability, according to a recent survey of 79 model risk management leaders conducted in association with Risk.net.
More than half of surveyed banks across retail (58%), commercial (52%), and investment (67%) segments report mature governance frameworks. At the same time, model inventories are expanding rapidly. Some institutions are already managing hundreds, and in many cases thousands of models.
This combination of governance maturity and scale is creating a new challenge. Banks are increasingly expected not only to strengthen governance, but to govern faster, at greater scale, and across a broader range of models, including those powered by artificial intelligence (AI).
A rapidly expanding model universe
Models are proliferating across banks, driven by increased AI adoption and evolving regulatory expectations. All banks surveyed reported growth in the number of models over the past two years. Nine percent of retail banks, 16% of commercial banks, and 17% of investment banks reported increases of more than 50%.
Models are no longer confined to specialist quantitative teams. They are now used across risk, finance, compliance, and operational decision making, creating a more complex and distributed model risk environment.
While many banks still report relatively small inventories of fewer than 50 models, a significant number are managing more than 250. At the upper end of the spectrum, inventories have already surpassed 1,000 models. Around one fifth of commercial banks reported more than 1,000 models in use, and most investment bank respondents operate at a similar scale.
Model risk is no longer concentrated in a few areas. It is distributed across the enterprise and continuing to grow.
Regulation is expanding expectations and scope
Regulatory change remains a key driver of model growth. Requirements such as stress testing under International Financial Reporting Standards (IFRS 9) and the continued use of the internal ratings based approach are sustaining demand for new models.
At the same time, regulatory guidance is expanding the scope of model risk management. Frameworks such as the UK Prudential Regulation Authority’s supervisory statement SS1/23 and the Federal Reserve’s SR 11 7 guidance are contributing to a wider range of analytical tools and decision support models into scope, including those using AI and machine learning techniques. As a result, banks are increasingly required to reconsider what qualifies as a model and to bring previously unmanaged analytical assets into formal governance frameworks.
Related reading: Regulators drive new standards for AI model risk management.
Governance is improving, but pressure is increasing
Survey results suggest meaningful progress. More than half of respondents now report mature model risk management governance, often characterized characterized by centralized model inventories, structured tiering, independent validation, and formal oversight.
However, these frameworks are being tested by the pace of change. As inventories grow and diversify, maintaining an accurate enterprise wide view becomes more challenging. In response, many banks are moving from periodic inventory exercises to more dynamic approaches including continuous model discovery and classification. These efforts are often supported by centralized platforms that track changes in model usage, ownership, and risk in near real time.
At the same time, the boundaries of the model inventory continue to expand. Functions such as compliance and fraud, once considered outside formal model governance, are increasingly being brought into scope.
The central tension: control versus innovation
Banks face a fundamental tension. Effective model risk management is critical to reducing regulatory, financial and operational risk. Yet overly restrictive governance can slow development and constrain innovation.
This tension is often intensified by AI. While AI enables the development of more complex and potentially more valuable models, it also increases governance complexity. Banks that succeed are likely to be those that adapt governance frameworks in a way that maintains control without introducing unnecessary friction.
For more on how AI is reshaping governance expectations, see Model Risk Management in the Age of AI.
Model risk management as an enabler of scale
As a result, the role of model risk management is evolving. Rather than acting solely as a control function, it is increasingly viewed as an enabler of scale, helping provide the structure, transparency, and confidence needed to support expanding model inventories.
Many institutions are exploring the use of AI to support model risk management itself, including automation for monitoring, documentation, and validation support. This can help teams manage higher volumes of models more efficiently, without necessarily requiring a proportional increase in resources.
Banks are also investing in infrastructure, such as centralized model inventories and workflow platforms, to improve consistency, visibility, and control across the model lifecycle.
Learn how Moody’s supports model lifecycle management, including inventories, monitoring, and audit-ready documentation, in our Model risk and governance solution overview.
A clear trajectory
Model inventories are expected to continue to grow. Regulatory expectations are likely to broaden. AI is expected to continue to reshape both model development and governance.
In this environment, the focus is increasingly on how quickly model risk management needs to evolve. Banks that treat model risk management as a strategic capability, rather than solely as a compliance requirement, will likely be better positioned to support innovation at scale while maintaining appropriate controls and confidence in their decisions.
Discover more: Model risk and governance
Survey information: The survey was conducted by Risk.net in collaboration with Moody’s in January and February 2026, with follow up interviews in March 2026.
Further reading