What Is an AI Model Inventory?
An AI model inventory is the organization's central register of all artificial intelligence and machine learning models used in business operations — including third-party AI tools, internally developed models, and AI-powered SaaS products.
SR 11-7 explicitly requires a complete model inventory as the foundation of a model risk management program. The EU AI Act additionally requires organizations to maintain technical documentation for all high-risk AI systems. Without one, you cannot demonstrate compliance.
What Should Be Tracked for Each Model
- Model name, version, and description
- Business purpose and owner
- Risk tier (low, medium, high)
- Vendor or developer information
- Data inputs and outputs
- Validation status and last review date
- Regulatory classification (EU AI Act risk category)
SR 11-7 requires model inventories to be reviewed at least annually — and updated whenever new AI tools are adopted.
Who Needs an AI Model Inventory?
- Banks and financial institutions subject to Federal Reserve and OCC oversight
- Insurance companies with state-level model risk requirements
- Any organization preparing for a regulatory examination
- Companies implementing NIST AI RMF or ISO 42001
Common Inventory Gaps That Fail Audits
- Shadow AI — tools adopted by business units without IT approval
- No risk tiering — treating all models as equal regardless of impact
- Missing third-party tools — only tracking internally built models
- No validation records — can't demonstrate models were tested
Download the Complete AI Governance Starter Pack
7 audit-ready documents built for compliance teams at banks, fintechs, and financial services organizations. One-time payment. Instant access.
SR 11-7 · NIST AI RMF · EU AI Act · FFIEC · GDPR aligned · No subscription required