The continued rise of model risk management

As someone who has spent over 20 years developing models, both as a consultant and leading analytics teams in banks, the need to be able to understand and explain the thought process that goes into every stage of a model lifecycle has always been critical. Most analysts take great pride in the models they develop and therefore when handing over the model to a client, you want to ensure they understand the model fully, including areas of strengths and weaknesses to ensure the full value of the model is achieved. When working on the bank side, this was still a critical exercise to ensure that the model owners or the business users adopt the model effectively and apply the model in the most appropriate way. This brings back memories of one of the most enjoyable periods of my career, travelling around Ireland supporting the roll-out of a new Investment Property Rating Model that my team had developed and interacting with the relationship managers across the country to ensure it was used effectively.

For banks that are Advanced IRB, the need to have transparent models where you can clearly articulate the risk drivers has always been a key requirement and the approval to use internal models for these organisations comes with the requirement to have the correct model governance in place to minimise Model Risk. For organisations that were not Advanced IRB, typically there were less models in use and as a result less focus on Model Risk Management and Model Governance, however with the rise in digitisation and the strive for more automation we have seen a significant increase in the use of more sophisticated statistical models to aid decisions across most banks. This rise coupled with the adoption of IFRS 9, requiring organisations to develop forward looking Expected Credit Loss Models has seen an explosion in the usage of statistical models for business critical operations within a financial institution. It is no surprise therefore that local regulators have developed a keen interest in the Model Risk Management practices of all financial institutions, not just those systemic banks under Advanced IRB.

The increase in regulations related to Model risk is clear evidence of this interest. We have seen this with the PRA in the UK with the publication of CP 6/26 and the imminent release of the Model Management Standards and Model Management Guidelines from the Central Bank of UAE, whilst the TRIM guidelines for banks in Europe also addressed Model Governance. The clarity of these regulations and the requirement of all financial institutions to enhance their Model Risk Management processes and capabilities is certainly a welcome one.

If we look at the publications that have been issued across the globe, there are a number of recurring themes that will appear in the upcoming Central Bank UAE regulations.

Firstly, Model Identification, Classification and Management of the Model Inventory, with organisations required to update their definition of a model, identifying where models are used and registering the model within a model inventory. It is noticeable that regulators are looking beyond regulatory and credit risk models, where model risk management has historically been more prevalent, and insisting that organisations take an Enterprise wide view of all models used in decision making. There also comes the requirement to quantify the model risk and classify models into tiers based on materiality.

Central to the model risk management regulations globally comes the requirement to create and implement a Model Governance Framework, where internal standards, policies and procedures are approved at board or Model Oversight Committee level to ensure that Model Risks are mitigated across all levels of the organisation and are managed against a defined model risk appetite. The practical implementation of these internal policies and standards is key to an effective model risk management culture within an organisation and is something that may be a challenge for some smaller institutions who now fall under the scope of the regulations.

Data Management is another recurring theme, with organisations required to implement a Data Management Framework that allows them to effectively identify data sources and lineage, test for the quality of data used in model development and model execution and ensure roles and responsibilities for managing data quality are adequately dispersed.

Each regulation defines the stages of a model life cycle, from development through to validation, monitoring and model usage. Each regulation has different levels of details prescribing the requirements of each stage, but the standards which form part of the Model Governance Framework should cover all of these areas and ensure consistency across the organisation regardless of the type of model.

Model usage is another key tenant of the Model Risk Management regulations, with organisations expected to document the situations where models can and cannot be used, including the strengths and weaknesses of the models. In some circumstances, this may lead to a rationalisation of models, particularly in an operational context where the conditions for acceptable model use may no longer apply.

Finally Senior Management Understanding is called out as a significant aspect of ensuring an effective Model Risk Management culture is embedded from the top down. Placing the responsibility for Model Risk Management at a senior level in the organisation, and requiring the model uncertainty and model risk to be captured specifically in the risk appetite, will ensure that it is given the appropriate level of focus, however the increase in the number and types of models that now fall into the scope of the evolving MRM regulations is going to necessitate some level of education on the different types of models used across the organisation.

It will be interesting to see how these regulations evolve, however the focus on Model Risk Management and the increasing scope to all models should lead to a more consistent approach across and within organisations and will certainly lead to greater innovation in solutions that help facilitate effective Model Risk Management Frameworks.