UK Banks, Building Societies, and Investment Firms operating in the UK and using internal model approvals for regulatory capital requirements must brace themselves for a sweeping change in their Model Governance practices. These changes result from the Prudential Regulation Authority (PRA) releasing its latest Supervisory Statement titled “Model Risk Management Principles for Banks” (referred to SS 1/23 in the blog).
Set to take effect from Friday, 17 May 2024, this new policy mandates stringent requirements such as robust model risk classification protocols and sound model governance frameworks across all models identified through a process developed as per the principles in SS 1/23.
Firms must focus on quality model development alongside meticulous implementation and execution procedures. To avoid potential pitfalls down the line, independent validation of models, along with measures to mitigate associated risks, is required. Finally, active senior management and board involvement in the oversight of model risk management governance is mandatory.
Model Identification | Deterministic Quantitative Approaches Required to be Governed Too as Part of MRM Framework
A vital aspect of company operations involves clearly understanding both the models utilized and associated potential hazards. It’s also essential to establish processes to assess how model risk can impact an organization. Models include vendor models. Material deterministic quantitative methods are required to be governed too using the relevant aspects MRM framework.
Governance | Internal Audit Report On MRM Effectiveness For Financial Reporting Is going to be an important governance measure
To effectively mitigate potential risks, enterprises should ensure that their overarching risk management structure follows the principles of model governance. These principles include establishing policies and protocols that govern model development, validation, and utilization. It also includes developing a system for overseeing and minimizing any associated risks. The internal audit team has been assigned the responsibility to assess the effectiveness of MRM and report on it to the audit committee and external auditors.
Model Development, Implementation, and Use | Clear standards required for the entire process
Achieving dependable results requires rigorous attention to model purpose and design objectives. You must develop models and demonstrate that the purpose and design objectives are met with proper documentation and testing protocols. Then, to preserve accuracy over time, regular re-testing of all model aspects is essential.
Independent Model Validation | Vendor Models require to be validated using same standards as defined for internal models
Having a team dedicated to validating models is essential for companies seeking precision and uniformity in model outputs. Without such an independent function responsible for both initial validation and ongoing monitoring, potential errors or inaccuracies could slip through undetected. There is no obligation on vendors to disclose proprietary information on their models, yet the firm’s validation standards for vendor models are required to account for the validation of vendor data, the firm’s specific use, and validation standards applied by the vendor. There is some relaxation on the validation of models developed and validated by the parent entity if it is a UK group.
Model Risk Mitigation | Governance Of Post-Model Adjustments And Exceptions will be essential
To effectively handle model risk, companies need to implement suitable mitigation strategies. These measures include governance of post-model adjustments and exceptions and the application of restrictions on model use.
Model Inventory | Core tool for reporting on model risk to the management
For businesses to maintain a robust understanding of all models (in development, deployed, and retired), they are required by regulations to retain a comprehensive list. This list must contain information such as details about parameters utilized in each particular model, along with how data is being used and how it may interrelate or rely on other existing models.
Moreover, essential factors such as intentions towards using a specific model, along with critical limitations and assumptions considered while developing it, must also be documented. Companies are heavily encouraged to maintain findings reports after each validation if they wish to have better control over their assets.
Accountability | Senior management and Board of Directors (BoD) involvement is mandatory for effective mRM governance
According to the PRA, one critical component of managing model risk involves active engagement by the Senior Management and Board of Directors. It is, therefore, essential that these groups take measures to establish a sturdy governance framework featuring unambiguous policies and procedures specifically geared toward mitigating model risk. The senior management function (SMF), which is most likely going to be the Chief Risk Office function in most firms, is expected to assume overall responsibility for the MRM framework, its implementation, and the execution and maintenance of the framework. PRA has given the flexibility to appoint more than one SMF for this role, and where firms adopt this approach, they have to define an approach to consolidate the overall MRM reviews and outcomes.
Requirements of BoD:
- The establishment of a comprehensive model of risk appetite by the BoD is paramount for any business. It should elucidate the degree and forms of model risk that the enterprise is willing to assume.
- To ensure conformity with its model risk appetite, it is prudent for the BoD to receive routine summaries on the company’s model risk profile.
- The board has a crucial role to play in challenging the results generated by vital company models while ensuring there are adequate safeguards in case model performance falters.
- The Prudential Regulation Authority (PRA) mandates that incorporating a robust model governance framework into their overall risk management strategy is a priority for the BoD.
- The BoD is required to have proper procedures in place for escalating potential risks as needed.
What This Means for Your Firm
The latest round of regulatory changes from the Prudential Regulation Authority has thrown the existing model risk framework into disarray for financial institutions operating within the United Kingdom. Firms are under immense pressure to ensure that their model risk framework is revamped and re-designed for the expanded universe of models such as asset valuation models, financial crime models, and AI/ ML models. Further, firms will have to extend the model risk management framework, including model review and validation, to the entire model estate consistently.
Our experts at Evalueserve acknowledge how daunting it is for the firms as they navigate through the PRA mandate when trying to maintain effective governance around models’ development and use.
How Evalueserve Can Help
In Chartis Research’s 2023 RiskTech Quadrants, we were delighted to be named as a Category Leader for Model Risk Governance solutions.
By utilizing our experience in model risk framework uplift at both design and implementation levels, our clients benefit from a comprehensive assessment of gaps in their model risk framework and speedier and cost-efficient implementation of their model risk processes.
Evalueserve’s model governance solutions pair advisory services across model risk appetite, policy, framework, and attestation with the right set of technology tools. Our model governance specialists help firms:
- Clarify the Board of Directors’ role and responsibility to provide oversight for model risk management
- Communicate to senior stakeholders across business departments and support functions on the roles and responsibilities for the implementation of the model risk management framework
- Design or uplift the model risk framework and policy in line with SS 1/23 requirements.