PRA Prudential Requirements

The Prudential Regulation Authority (PRA) sets requirements for operational resilience and model risk management that apply to AI systems in UK financial services.

Key Requirements

Operational Resilience (SS1/21)

| Requirement | OxideShield Feature | Status |
|---|---|---|
| Impact tolerance | Policy thresholds | |
| Testing | Red team scanner | |
| Scenario planning | Simulation mode | |
| Recovery capability | Emergency controller | |

Model Risk Management (SS1/23)

| Requirement | OxideShield Feature | Status |
|---|---|---|
| Model inventory | Policy-as-code | |
| Validation | Scanner + benchmarks | |
| Ongoing monitoring | Telemetry | |
| Change management | Git-based policy | |

Third-Party Risk

| Requirement | OxideShield Feature | Status |
|---|---|---|
| Vendor assessment | Documentation | |
| Exit strategy | Self-hosted option | |
| Concentration risk | Multi-vendor support | |

Implementation

# PRA compliant configuration
policy:
  name: pra-compliant-ai
  model_risk_tier: 1  # High impact

  operational_resilience:
    impact_tolerance_ms: 100
    recovery_time_objective_seconds: 300
    testing_frequency: quarterly

  guards:
    - name: safety-critical
      type: MultiLayerDefense
      config:
        strategy: unanimous
        timeout_ms: 50

emergency:
  enabled: true
  auto_recovery: false  # Manual recovery required
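
An added example, not OxideShield's own code: a pre-merge check for the policy file above, the kind of gate a Git-based policy workflow can run before a change is accepted. The rules it enforces (guards running in sequence so their timeouts must fit within `impact_tolerance_ms`, tier 1 requiring the emergency controller with manual recovery) are assumptions for illustration, and `lint_policy` and `PAGE_CONFIG` are hypothetical names.

```python
# Added example: pre-merge lint for the policy shown above.
# The rules are illustrative assumptions, not PRA text or OxideShield behaviour.

# The page's YAML as it would look after parsing, embedded as a dict so the
# example runs with the standard library only.
PAGE_CONFIG = {
    "policy": {
        "name": "pra-compliant-ai",
        "model_risk_tier": 1,
        "operational_resilience": {
            "impact_tolerance_ms": 100,
            "recovery_time_objective_seconds": 300,
            "testing_frequency": "quarterly",
        },
        "guards": [
            {"name": "safety-critical", "type": "MultiLayerDefense",
             "config": {"strategy": "unanimous", "timeout_ms": 50}},
        ],
    },
    "emergency": {"enabled": True, "auto_recovery": False},
}


def lint_policy(cfg):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    policy = cfg.get("policy", {})
    tolerance = policy.get("operational_resilience", {}).get("impact_tolerance_ms")
    guards = policy.get("guards", [])
    emergency = cfg.get("emergency", {})
    timeouts = [g.get("config", {}).get("timeout_ms") for g in guards]

    if not guards:
        findings.append("no guards defined")
    if not isinstance(tolerance, int) or tolerance <= 0:
        findings.append("impact_tolerance_ms missing or not a positive integer")
    elif any(not isinstance(t, int) for t in timeouts):
        findings.append("guard without integer timeout_ms: latency is unbounded")
    elif sum(timeouts) > tolerance:
        # Assumed: guards run in sequence, so worst-case latency is the sum.
        findings.append(f"guard timeouts {sum(timeouts)}ms exceed tolerance {tolerance}ms")
    if policy.get("model_risk_tier") == 1:
        # Assumed house rule for tier 1: a controller exists and a human resets it.
        if not emergency.get("enabled", False):
            findings.append("tier 1 policy without emergency controller")
        if emergency.get("auto_recovery", True):
            findings.append("tier 1 policy allows auto_recovery")
    return findings
```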

References

  1. SS1/21 - Operational Resilience
  2. SS1/23 - Model Risk Management
  3. CP6/22 - AI and Machine Learning