Training Governance for Financial Model Training

Regulatory Framework

The regulatory perimeter for financial AI is the densest in any industry. SR 11-7, issued jointly by the Federal Reserve and OCC in 2011 and reaffirmed by SR 21-13 in 2021, establishes the model risk management framework that every U.S. banking organization is examined against. SR 11-7 requires effective challenge across model development, implementation, and use, with documentation that supports independent validation. OCC Heightened Standards under 12 CFR Part 30 Appendix D extend governance expectations to large national banks, requiring board-level oversight of model risk and explicit articulation of risk appetite.

In Europe, the EBA Discussion Paper on machine learning for IRB models sets out supervisory expectations specifically for ML in credit risk: explainability, traceability, and stability across economic conditions. The EU AI Act Article 9 imposes risk-management obligations on high-risk systems, and many financial-services AI applications fall within the Annex III high-risk perimeter. DORA, in force since January 2025, layers operational-resilience requirements onto ICT risk management, including ICT-third-party-risk and threat-led penetration testing, both of which reach AI systems. GDPR Article 22 imposes constraints on solely automated decision-making with significant effects, which captures many credit, insurance, and AML use cases.

Market-conduct regulation runs in parallel. MiFID II RTS 6 requires investment firms engaged in algorithmic trading to maintain effective systems and risk controls, including pre-deployment testing under stressed conditions and the ability to halt trading. FFIEC examination guidance, NIST AI RMF, and the FRB SR 21-13 reaffirmation collectively underline that the supervisor expects an institution to demonstrate not only that the model performed well historically but that the institution understands which historical conditions produced which model behavior. A model trained without regime-aware governance cannot satisfy this expectation in any principled way.

Architectural Requirement

The architectural requirement is regime-stratified gradient routing. Structural market dynamics that persist across regimes - mean reversion in credit spreads, volatility clustering, the leverage effect, term-structure dynamics - must route to deep representational layers and form the model's foundational market knowledge. Regime-specific patterns - bull-market momentum behavior, crisis-correlation breakdown, recovery-phase liquidity normalization - must route to intermediate layers, where they are recognized when active but do not dominate default behavior. Idiosyncratic event signatures - the precise pattern of a specific crash or rate shock - must route to bounded surface depth, so that the model can identify analogous conditions without memorizing the event as a generative template.

Each routing decision must be paired with a provenance record that connects model outputs to the regimes most responsible for them. SR 11-7 effective challenge cannot proceed without this artifact. EBA stability expectations, EU AI Act Article 9 risk-management duties, MiFID II RTS 6 stressed-condition testing, and DORA threat-led testing all require the institution to know how a model will behave when regime conditions shift. The routing record is the structural answer.

The architecture must also be reproducible. Validation under SR 11-7 and OCC Heightened Standards requires that an independent function can reproduce the development outcome from documented inputs. The annotated dataset, the routing policy, and the depth manifest together form the reproducibility primitive that traditional MLOps pipelines often lack.

Why Procedural Compliance Fails

Financial institutions have invested heavily in procedural model risk management: validation reports, model inventories, ongoing-monitoring dashboards, periodic re-validation cycles. None of this addresses the regime-blind training problem. A validation report that documents in-sample backtest performance across labeled regimes does not establish that the model has learned regime-specific patterns at appropriate depth. The labels were used for evaluation, not for training. The model still saw all data with uniform gradient signal.

The consequence is structural fragility. A risk model that performed well in backtests across the 2008 crisis, the 2020 pandemic shock, and the 2022 rate cycle may have learned each event as a memorized signature while failing to learn the generalizable dynamics that produce regime transitions. In a novel transition - a sovereign-debt shock with structural features unlike any in the training set - the model will produce outputs that average across memorized episodes rather than reasoning from structural foundations. SR 11-7 effective-challenge documentation will report the historical performance; it will not predict the failure.

EU AI Act Article 9 contemplates this directly. The risk-management system must address risks across the lifecycle, including training. An institution whose training pipeline does not differentiate structural from regime-specific learning has no architectural mechanism to demonstrate that it has identified or mitigated this class of risk. The validation artifact and the supervisory expectation are misaligned. EBA expectations on ML stability across economic conditions, MiFID II RTS 6 stressed-condition testing, and DORA threat-led testing share the same gap. Procedural compliance produces extensive paperwork; architectural governance produces a model whose behavior is causally traceable.

GDPR Article 22's right to meaningful information about the logic of automated decisions further exposes the gap. A credit-decision model that cannot trace its assessment of a specific applicant to the regime conditions that most influenced the assessment cannot, in any honest sense, provide meaningful information about its logic. Procedural compliance produces a privacy notice; architectural governance produces an explanation.

What AQ Primitive Provides

The AQ training-governance primitive operationalizes regime-stratified gradient routing as a first-class component of the training pipeline. Historical data is annotated with regime classification, structural-pattern labels, and event-signature flags. The gradient router enforces a layer-depth and gradient-magnitude profile per category: structural patterns route to foundational layers at full magnitude, regime-specific patterns route to intermediate layers at moderated magnitude, event signatures route to bounded surface depth.

Entropy-based training profiles detect memorization in flight. When the model's representation of a specific event begins to dominate gradient updates, the routing policy attenuates the signal. The model learns the structural lesson of the event without binding to its idiosyncratic signature. Provenance tracing connects each model output to the regime mix that most influenced it: a risk assessment can be decomposed into the structural, regime-specific, and event-signature contributions, giving model-risk validators and risk officers a causal account of model behavior.

Each training run emits a routing policy, an annotated dataset manifest, and a depth-and-provenance record. These artifacts are designed to drop into existing SR 11-7 model risk documentation, OCC Heightened Standards governance reports, EBA ML supervisory submissions, EU AI Act Article 9 risk-management files, DORA ICT-risk records, MiFID II RTS 6 control documentation, and NIST AI RMF Measure dashboards. The model's behavior is traceable to its training causes by construction, not by reverse-engineering after the fact.

Compliance Mapping

The AQ training-governance primitive maps to the relevant regulatory and supervisory frameworks as follows. SR 11-7 effective-challenge documentation is satisfied by the routing policy, annotated dataset manifest, and depth-and-provenance record, which together provide independent validators with the inputs needed to reproduce and challenge the development outcome. SR 21-13 reaffirmation of effective challenge in the ML era is supported by the same artifacts, with the addition of memorization-detection logs that demonstrate the institution actively monitors for over-specialization.

OCC Heightened Standards governance expectations are supported by the policy-versioning workflow, which produces the board-readable risk-appetite statements that 12 CFR Part 30 Appendix D contemplates. EBA ML Discussion Paper expectations on explainability and stability are addressed by the provenance trace and the regime-stratified routing record. EU AI Act Article 9 risk management is satisfied by the routing policy itself as the documented mechanism by which training-time risks are identified and mitigated. EU AI Act Article 10 data governance is satisfied by the annotation taxonomy and dataset manifest. Article 12 logging is satisfied by the per-run training log. Article 13 transparency and Article 14 human oversight are supported by the depth-and-source documentation and the policy-approval workflow.

DORA ICT risk-management duties are supported by the artifact set's integration with the institution's ICT-risk repository, including the threat-led penetration-testing workflows that exercise model behavior under adverse regime conditions. MiFID II RTS 6 stressed-condition testing is supported by the regime-suppression test mode, in which validators can suppress regime-specific routing at evaluation time to expose the model's structural-only behavior. FFIEC examination requests are answered with the same artifacts. GDPR Article 22 meaningful-information requirements are supported by the per-output provenance trace. NIST AI RMF Govern, Map, Measure, and Manage functions are each grounded in concrete artifacts, the same way they are in other domains.

Adoption Pathway

Adoption proceeds in three phases. Phase one is annotation onboarding: the quantitative team adopts the AQ regime-and-structural taxonomy, attaches it to the historical training corpus, and binds each annotation to the regime detection methodology and the structural-economics rationale. This phase typically surfaces gaps in existing data lineage that are independently valuable to the model risk function.

Phase two is routing-policy authoring. Quant, risk, and validation jointly specify the depth and gradient-magnitude profile per category, and the policy is signed as a versioned artifact. The policy is reviewed by the model risk management function as part of the institution's effective-challenge process, and the policy itself becomes a documented input to the SR 11-7 validation. The first run under the policy produces a baseline depth manifest, a baseline provenance trace for the model's historical outputs, and a regime-suppression evaluation that reveals the model's structural-only behavior under stressed conditions of the kind contemplated by MiFID II RTS 6 and DORA threat-led testing.

Phase three is integration with the institution's broader model risk and operational-resilience infrastructure: artifacts are wired into the SR 11-7 documentation pipeline, the OCC governance reporting workflow, the EBA supervisory-submission process, the EU AI Act Article 12 log, the DORA ICT-risk repository, the MiFID II RTS 6 control system, and the FFIEC examination evidence base. The validation function adopts the routing policy as a primary control point in its annual review cycle, and ongoing monitoring is reconfigured to track both performance metrics and provenance-mix shifts that may indicate the model is drifting toward over-reliance on regime-specific patterns. From that point forward, every retrain is supervisor-ready by construction, and the institution can demonstrate, with architectural evidence rather than procedural assertion, that its financial AI is governed under SR 11-7, EU AI Act, DORA, and the broader supervisory regime.