Basel and AI Model Risk
Why signed model lineage turns AI model risk governance from a story a bank tells into a proof it can defend
Every bank that has ever answered to a supervisor knows the ritual. A model makes a decision, a regulator asks how it was reached, and someone has to reconstruct the reasoning from logs, spreadsheets and the memories of people who may since have left. Under the Basel framework, this reconstruction has always been the price of using quantitative models to hold capital, price risk and approve credit. The framework was written for models that a team could explain on a whiteboard.
Artificial intelligence breaks that comfortable arrangement. When a decision emerges from a system that learned its behaviour from data rather than from a formula a person wrote, the whiteboard is empty. The Basel Committee's principles for model risk management still apply, but the evidence they demand is far harder to produce. We built Mickai, our Sovereign Intelligence Operating System, so that the evidence exists before anyone thinks to ask for it.
What Basel actually asks of a model
The Basel framework, and the supervisory guidance that surrounds it such as SR 11-7 in the United States and the European Central Bank's guide to internal models, treats a model as a controlled object. A firm must know where the model came from, what data trained it, who validated it, what its limitations are, and who authorised its use. Model risk is the risk of adverse outcomes from decisions based on models that are incorrect or misused, and the response is governance: independent validation, a model inventory, ongoing monitoring and clear ownership.
None of this is controversial for a linear regression. The trouble is that AI systems are not static artefacts. They are retrained, fine-tuned, prompted, chained and updated. A single AI decision may pass through several models, a retrieval step, a set of instructions and a human override before it lands. Basel governance assumes you can point at the model that made the decision. With modern AI, the honest answer is often that no one can point at it with confidence. That gap is not a compliance inconvenience. It is model risk in its purest form.
Signed lineage instead of remembered lineage
Our answer is to stop relying on memory and start relying on cryptography. In Mickai, every model carries a lineage that is recorded, not recalled. When a brain is trained or fine-tuned, the operating system captures the base it derived from, the data corpus it consumed, the parameters that shaped it and the validation results it passed. That record is hashed and signed. The signature uses post-quantum cryptography, specifically the Federal Information Processing Standard 204 ML-DSA-65 scheme, so the lineage stays trustworthy even against an adversary holding a quantum computer.
The records are linked into a hash chain using SHA-3-512, so each entry seals the one before it. You cannot quietly alter a training run, backdate a validation, or slip in an unapproved model without breaking the chain, and a broken chain is visible to anyone who checks. Model lineage stops being a document that a team maintains and becomes a mathematical fact the system enforces. When a supervisor asks which model made a decision and how it came to exist, the answer is retrieved and verified in seconds, not assembled over weeks.
The action, not just the model, carries proof
Basel model risk management does not end at the model. It cares about use: the decision the model informed, the override a human applied, the capital number that resulted. This is where most AI governance quietly fails, because the model may be well documented while the moment of use vanishes into an application log that no one signs.
In Mickai, no consequential action executes unsigned. Before a brain acts, the operating system writes an Operation Attestation Record, an OAR, that names the model version, the inputs it saw, the policy it operated under and the identity that authorised it. The OAR is signed before the action runs, not after, so it can never be a convenient reconstruction written once the outcome is known. For high-stakes decisions, such as changing a capital calculation or approving an exposure, we require multi-brain agreement and voice-biometric approval, so a single compromised component cannot move money on its own. The audit ledger that results is tamper-evident, hash-linked and verifiable offline, which matters when a supervisor wants to inspect the record on their own hardware without trusting ours.
Model risk you can measure
A control that cannot be measured is a hope. Basel validation expects firms to test models continuously, to track performance drift, and to demonstrate that a model still behaves as it was approved to behave. Because Mickai signs lineage and attests every action, the raw material for measurement already exists in structured, trustworthy form.
We can show, for any period, which model versions were live, how often humans overrode them, where outputs drifted from validated behaviour, and which decisions triggered the highest-assurance approval path. Brains are revocable, so a model that fails validation can be withdrawn instantly across the estate, and the ledger records the revocation as a signed event. Model risk becomes a set of numbers a chief risk officer can put in front of a board and a supervisor can independently reproduce, rather than an assurance resting on the diligence of whoever last touched the spreadsheet.
Necessary, because the alternative is unquantified
The regulatory ground is shifting under everyone's feet. The European Union Artificial Intelligence Act, the EU AI Act, treats credit scoring and many risk models as high-risk systems demanding traceability and human oversight. The Digital Operational Resilience Act, DORA, and the ISO 42001 standard for AI management systems push in the same direction. General Data Protection Regulation obligations attach to the data that trains these models. A bank that adopts AI without signed lineage is not choosing a lighter control regime. It is choosing an unquantified one, and unquantified model risk is precisely what Basel exists to prevent.
This is why we frame these controls as necessary rather than optional. A firm can defer them, but it cannot make the underlying risk disappear. It simply carries the exposure without measuring it, which is the worst of both worlds under any supervisory regime.
Built for the boundary the public cloud cannot cross
The large cloud providers are allies in this story, not rivals. They operate a magnificent layer of infrastructure, and much of finance runs on it well. But a regulated bank often cannot let its most sensitive models and data leave its own control, whether for reasons of sovereignty, secrecy or supervisory expectation. That is the boundary Mickai is designed to sit on.
Mickai runs on hardware the customer owns, air-gapped or on-premise, with zero data egress. The lineage, the attestation records and the audit ledger stay inside the institution and remain verifiable offline. The capabilities we have described are drawn from our portfolio of 104 filed UK patent applications, comprising about 2,340 claims and owned by Mickai LTD, each framed around a specific control the system performs. We treat model governance not as paperwork bolted onto AI, but as a property the operating system guarantees.
The bottom line
Basel has always asked a simple question in a hard way: prove your model, prove its use, prove it still works. AI makes that question harder, because the model is a moving target and the moment of decision is easy to lose. Signed model lineage, attested actions and a tamper-evident ledger turn the answer from a narrative into a proof. Model risk governance stops being a story a firm tells and becomes a measurement it can defend. That is the standard we build to, because under Basel it is not a luxury. It is the necessary and measurable control.




