Model risk management: What is the best path to compliance?

1. Model risk is now a high priority for banks and financial institutions as regulators take a closer look at how organizations build, approve and maintain models.
2. A robust approach to model risk management requires firms to understand the capabilities and limitations of their current risk solutions and to account for model uncertainties.
3. Technology and integrated risk management are discussed in a five-part Refinitiv podcast and Expert Talk series examining the key issues facing compliance and risk officers at large financial firms.

The banking industry is dependent on the implementation of models, whether they are for pricing transactions, performing risk analysis and optimizing returns, among many other uses.

However, the use of incorrect or misrepresented models can be dire.

That’s why since the 2008 financial crisis, regulators have been examining how banks build, approve and maintain models, and requesting evidence that banks are effectively managing model risk.

Model risk is the potential for adverse outcomes – such as financial loss, poor business and strategic decisions or reputational damage – stemming from incorrect model results and reports.

Model risk generally has two causes:

• Fundamental errors that result in inaccurate outputs for the model’s design objective and intended business use.
• Incorrect or inappropriate use or a misunderstanding of the model’s limits and assumptions.

High priority for banks

Prior to 2011, firms mostly used model validation and other methods for model risk management, but such practices were limited, inconsistent across the industry, and greatly dependent on manual processes and controls.

In 2011, however, the U.S. Federal Reserve and the Office of the Comptroller of the Currency (OCC) jointly issued the SR 11-72 Supervisory Guidance on Model Risk Management, which standardized requirements on model development, implementation, use, governance, and control structure.

Since then, model risk management has become a high priority for banks.

The American Bankers Association (ABA), for example, has advised its members that an effective model risk programme is one that “takes time to develop, and banks that adopt a thoughtful, staged approach to implementation are most likely to succeed”.

The ABA says that every bank in the U.S. with more than $1 billion USD in total assets is expected to have a robust model risk management framework.

Increased regulatory scrutiny

The key aspects of a strong model risk management process include properly developing and implementing models. This is to ensure they perform as intended, and are accurate as well as stable.

Minimizing risk requires that organizations understand the capabilities and limitations of the underlying assumptions and account for model uncertainties.

Firms should also assess a model’s assumptions, underlying theoretical basis and data, as well as its processing, output and reporting. Finally, firms need to have an effective framework, oversight and controls in place when it comes to model risk management.

Can tech tackle integrated risk management? Learn more in our podcast and Expert Talk series

It should be noted that it’s not just in the U.S. where regulators are focusing on model risk management. The European Central Bank, for instance, has been in the process of revising and updating its standards on how banks should properly monitor internal models. The UK’s Prudential Regulation Authority in 2017 set out guidelines on its expectations for risk management practices by financial firms using stress test models.

This increased regulatory scrutiny means it is imperative for financial institutions to have a strong model risk management system in place.

And beyond just regulatory compliance, managing model risk and using models properly allows organizations to use internal data to learn about risks and opportunities, thus enhancing business decision-making and profitability.