NEW RESEARCH: Your Sandbox Is Made of Glass

Read

Trinitite

PricingResearchBlogPodcasts

For Model Risk · SR 11-7

Pass the model-risk exam before the examiner shows up.

For twelve years, SR 11-7 has been a drawer full of PDFs no examiner can verify, no auditor can replay, and no model owner can quietly fix. Then AI doubled the paperwork overnight.

We turn that drawer into a living record the platform enforces — and any examiner can check for themselves.

The Conversation Every Cycle

You already know how this goes.

Examiner

Show me effective challenge for the transaction-monitoring model.

You

Here’s the validation report — 142 pages.

Examiner

Show me the independent evidence across all three pillars. Is it signed? Can you reproduce the outcomes analysis exactly?

You

…we have screenshots.

Effective Challenge, Enforced

A high-risk model can't be “approved” until all three pillars are proven.

The rule has always required three independent checks. Most banks treat that as “put three sections in the report.” We treat it as a hard gate: miss one, and the model simply cannot reach approved status. There is no override.

AML Monitoring Model — Approval Gate

SR 11-7 §V.B

1

Conceptual soundness

No evidence yet

2

Ongoing monitoring

No evidence yet

3

Outcomes analysis

No evidence yet

🔒 Cannot approve — 0 of 3 pillars proven

Is it sound?

Conceptual soundness

Is the model built right for the job? Are its assumptions written down? Are its limits known?

Is it watched?

Ongoing monitoring

Is performance tracked over time? Is drift caught? Is the model re-checked as the world changes?

Does it work?

Outcomes analysis

Do the model’s answers match reality? Has it been back-tested against what actually happened?

The Examiner's First Question

“Did anyone call a high-risk model low-risk?”

Your team declares a risk level. Independently, the platform calculates its own from how much money is at stake, how complex the model is, and how much you rely on it.

When the two disagree, we don't quietly pick one. We flag it, force the reason into the record, and sign it in place. Examiners look for that disagreement first — it isn't a bug, it's the single most useful signal in the file.

Team declared

Tier 3 · Low

Platform calculated

Tier 1 · High

Recorded as

Mismatch — signed

3 of 3

Pillars Required

No

Override

Signed

Tamper-Evident

Self-Verify

By The Examiner

Why Nobody Else Can Say This

Documentation vs. a mechanical guarantee.

Verify bundle

Your auditor checks the proof — in a browser

1

Recompute Merkle root

Hash all per-item attestations together

2

Verify KMS signature

Public key check — anyone can run it

3

Resolve external anchor

RFC 3161 + Sigstore Rekor proof

4

Verified offline

No Trinitite account needed

Everyone else

Trinitite

Three pillars listed in a section header

Approval is refused until each pillar has real evidence behind it

The submitter picks whatever risk tier they like

The platform computes its own tier and flags every disagreement

"We promise we don’t change approved records"

A signed seal that breaks the instant a record is edited

A 142-page PDF the examiner cannot verify

A record the examiner can re-check independently in minutes

Validation evidence lives in screenshots

Evidence is bit-for-bit reproducible by an outside party

Aligned to Federal Reserve SR 11-7, OCC 2011-12, and OSFI E-23 — and it maps cleanly to EU AI Act Article 9 and the NIST AI risk framework.

SR 11-7, Answered

Does SR 11-7 apply to AI and LLM models?

Does SR 11-7 apply to AI and LLM models?

Yes. Federal Reserve SR 11-7 (and OCC 2011-12 and OSFI E-23) cover any model whose output informs a business decision — which includes AI/ML systems and LLMs. The supervisory standard does not exempt them; it just adds artifacts. Trinitite captures model cards, AIBOMs, LoRA weight hashes, prompt SBOMs, and kernel config fingerprints as first-class SR 11-7 evidence so AI models sit in the same record-of-record as traditional models.

What is effective challenge under SR 11-7?

Effective challenge is SR 11-7 §V.B’s requirement for three independent validation pillars on a high-risk (tier-1) model: conceptual soundness, ongoing monitoring, and outcomes analysis. Trinitite enforces it as a hard approval gate — a tier-1 model cannot reach approved status until at least one independent activity is registered against each pillar. There is no override.

How do you prove model validation to a Fed or OCC examiner?

Every MRM record is sealed by a content-Merkle root over ten leaves and signed with the org KMS key, so silently amending any section after approval breaks verification. The examiner recomputes the root from the stored sections, checks it against the signed envelope, and walks the declared-tier vs derived-tier field for surfaced disagreements — independently, without Trinitite in the room.

The Evidence Behind Each Pillar

Outcomes analysis becomes a signed eval harness receipt — champion-vs-challenger as a deterministic accuracy delta, not two spreadsheets. Effective challenge under §IV becomes a MITRE ATLAS red-team attestation, and ongoing monitoring becomes continuous evals with PSI drift alarms. Every one is built on deterministic replay.

Walk into the next exam with proof, not screenshots.

Bring one model through the gate with us. See the three-pillar check, the tier disagreement flag, and the signed record an examiner can verify on their own.