In a recent FDIC exam, our examiner recommended the Bank develop a model governance policy related to our BSA Software (Verafin) that include levels of authorization and dictate reporting to upper Management or the Board related to Verafin (i.e., number of alerts reviewed, cases, alert efficiency, and significant parameter changes.) Has anyone prepared or been asked for such a policy you can share? I would like to just include a simple section in our current BSA Policy.

I also would favor adding a new section to your existing BSA policy rather than creating a whole new board policy just for your BSA software. As long as what they want is included in a policy approved by the board, I don't think the examiners will have a problem with it.

Model Governance doesn't belong in your AML Policy (It can be referenced, but it should point to a stand alone policy) as it covers more than just AML and Sanctions models and other non-AML models (Credit, market, IRR, etc.) would also need to be included.

I based my response on April's statement that "our examiner recommended the Bank develop a model governance policy related to our BSA Software. That leads me to believe they are looking for something much more narrowly focused and specific than an overall model governance policy.

I don't know anyone who has a stand alone MG Policy for an AML system. There are more important models in a financial institution than a TMS/sanctions system(s). But if that's what you think they are asking you for go for it. I would suggest clarifying it with the regulators though.

some guidance

https://www.federalreserve.gov/supervisionreg/srletters/sr1107a1.pdf

As ACB stated there needs to be a comprehensive model risk policy not just BSA.

The tricky part is determining what is a model. It is most likely more models than you think.