Banking Organizations and Validation of Vendor and
Other Third-Party Products Under SR Letter 11-7

On April 4, 2011, the Federal Reserve and the Office of the Comptroller of the Currency jointly issued SR Letter 11-7: Guidance on Model Risk Management for banks and banking institutions under their purview. As a cybersecurity company with customers spanning many industries, including banking institutions subject to the guidance, Proofpoint understands and appreciates the requirements that SR Letter 11-7 places upon those organizations to: (i) ensure appropriate model risk management, and (ii) to validate those same practices of its vendors and other third-party products. However, Proofpoint does not build financial models; therefore, Proofpoint’s products and services are not required to be incorporated into a bank's broader model risk management framework, and further, SR Letter 11-7 does not apply.

© 2025 Proofpoint. All rights reserved. The content on this site is intended for informational purposes only.
Last updated April 13, 2025.

Proofpoint Trust

Proofpoint helps companies protect their people from the ever-evolving threats in the digital ecosystem.