Establishing Model Risk Management
http://ccro.org © Copyright 2025, CCRO. All rights reserved. 17
3. Embed reasonable model risk management requirements into procurement
documentation, including performance guarantees, audit rights, reasonable model
documentation, and the company’s ownership of model outputs and related data.
4. Establish vendor model validation, system integration, and ongoing monitoring
processes.
5. Document vendor models to the extent practical, provide model training to users and
limit access to qualified individuals with a legitimate business need to use the vendor
model.
6. Assign model ownership and include the vendor model on the company’s model
inventory.
7. Develop backup plans if the vendor model fails, including collaboration plans for
vendor maintenance and replacement strategies if the vendor model needs replacement.
http://ccro.org © Copyright 2025, CCRO. All rights reserved. 17
3. Embed reasonable model risk management requirements into procurement
documentation, including performance guarantees, audit rights, reasonable model
documentation, and the company’s ownership of model outputs and related data.
4. Establish vendor model validation, system integration, and ongoing monitoring
processes.
5. Document vendor models to the extent practical, provide model training to users and
limit access to qualified individuals with a legitimate business need to use the vendor
model.
6. Assign model ownership and include the vendor model on the company’s model
inventory.
7. Develop backup plans if the vendor model fails, including collaboration plans for
vendor maintenance and replacement strategies if the vendor model needs replacement.
