In recent years, model risk management (MRM) has become an increasingly critical priority for banks and other financial services organizations. At the same time, as the use of models expands, having a robust, ongoing monitoring framework becomes that much more important.
As MRM challenges continue to evolve, many banks are applying important new tools and practices that can help them manage and monitor this important risk function more effectively.
The current state of model risk management
The practice of model risk management has undergone some significant changes in the years since the Federal Reserve and the Office of the Comptroller of the Currency issued “Supervisory Guidance on Model Risk Management” (SR 11-7, OCC 2011-12). At the time that the interagency guidance was first published, the use of sophisticated financial models was concentrated primarily in large institutions, particularly those with more than $10 billion in assets, which were subject to heightened regulatory scrutiny.
In the ensuing years, however, attention to model risk management became much more widespread as model usage continued to increase in banks of all sizes for a variety of purposes including compliance with rapidly changing regulatory and financial reporting requirements. When the Federal Deposit Insurance Corporation adopted the interagency guidance in 2017, a wider universe of banks recognized the need to improve their MRM capabilities. Advances in models such as incorporation of advanced statistics and machine learning also spurred greater need for efficient management of the associated model risks.
Today, the maturity levels of MRM programs vary considerably across the industry. Many banks with less mature programs are still identifying and refining their model inventories or working their way through the first or second round of validations of key models – a function typically outsourced or supplemented by support from internal audit. In larger, more mature programs, however, management’s focus is shifting toward gaining more value from the effort, realizing efficiencies, developing a holistic view of the organization’s model risk, and enhancing internal resources in order to build more sustainable MRM practices.
Evolving model risk management practices
At a fundamental level, model risk management encompasses a range of activities within three overarching functions:
- Model development, implementation, and use. This function encompasses a clear understanding of the model’s purposes, support for the theory and design of the model, rigorous assessment and preparation of data, a disciplined approach to implementing the model in the bank’s environment, comprehensive testing, and challenge by model users.
- Model validation. This function consists of a set of processes and activities, conducted by a party that is independent from model development, which are intended to verify that models are performing as expected.
- Governance, policies, and controls. A governance framework provides the necessary policies, procedures, and management oversight to verify that the MRM program is appropriately managing model risk, in alignment with the extent and sophistication of the bank’s usage of models.
MRM practices within these functions have continued to evolve to enhance the MRM function. They include:
- Ongoing monitoring
- A standardized manner for model owners to document an ongoing monitoring plan
- Tracking of the execution of ongoing monitoring activities by the MRM function
- Visibility to model performance issues and an understanding by model risk managers of the impact to interconnected models
- Aggregated reporting on ongoing monitoring compliance and model performance
- Change management
- A standardized method for documenting changes
- A clear definition of what constitutes a material change
- Notification of material changes to model risk management
- Nonmodel tools
- Identification of nonmodel applications or end-user computing systems (EUCs) and inclusion in the model inventory
- Established policies and procedures to provide oversight
- Model validation
- A standardized model validation report
- An established set of risk-based activities to conduct between full validations
- A centralized manner for tracking validation findings and timelines for remediation
Advancing the MRM function to drive business value while realizing efficiencies can be challenging. A successful program requires that MRM teams be able to address both rising volumes of model usage and evolving requirements and expectations by model users and regulators alike.
Addressing the challenge of ongoing monitoring
Among the various challenges that MRM teams must address, issues associated with ongoing monitoring often are among their most immediate concerns. For example, when hundreds of bank executives participating in a recent Crowe webinar were asked to identify their top MRM-related challenges, their number-one concern involved working with model owners to conduct such monitoring. Nearly half (45.5%) said they expect this to be one of their top challenges in the coming year (Exhibit 1).