In my recent blog, What is Model Risk?, I discussed how the increased use of models in banks has led to higher potential risk, therefore heightening the importance of model risk management (MRM). As more and more decisions are being made based on models, it becomes imperative for firms to have a rigorous MRM function in place to mitigate the risks of decisions based on flawed or misused models. In order for an MRM function to be effective, it needs strong model risk governance.
What is Model Risk Governance?
Model risk governance is outlined in Supervisory Letter SR 11-7, the holy grail of model risk management guidelines. The Federal Reserve and Office of the Comptroller state that model risk governance, “sets an effective framework with defined roles and responsibilities for clear communication of model limitations and assumptions, as well as the authority to restrict model usage.”
According to the letter, strong governance provides explicit support and structure through the following:
- Policies defining risk management activities
- Procedures for implementing those policies
- Resource allocation
- Mechanisms for testing that those policies and procedures are being carried out as specified.
There should be ample policies in place to address all aspects of model risk management, including assessment of model risk; model development, implementation, and use practices; model validation activities; and governance and controls. These policies must be reviewed annually and updated as necessary to ensure MRM practices keep up with changes in market conditions, bank strategies, activities, and industry practices.
Two key requirements of governance are model inventory and the documentation of model development and validation processes. Let’s take a deeper look at each of these.
To effectively oversee the model risk management framework, a bank needs to have a full picture of all the models that are in development, in use, or recently retired. This model inventory should contain information about each model, such as:
- The purpose for which the model was designed,
- actual or expected usage, and
- restrictions on use.
Some other useful information includes the type and source of inputs and underlying components of a model along with the outputs and their intended use. The inventory should also state whether models are working correctly, describe their last update, and name any policy exceptions. Other standard information to include are the name of individuals responsible for development and validation, validation dates, and the expected timeframe for the model to remain valid.
Model documentation is required at both development and validation stages. As a rule, this documentation should be detailed enough that someone unfamiliar with the model could understand how it operates, its limitations, and its key assumptions.
During development, documentation should be updated as the model application and environment changes. As for the validation process, each step needs to be documented, including ongoing monitoring, process verification, benchmarking, and outcomes analysis. Validation reports should list aspects that were reviewed, highlight potential deficiencies over a range of conditions, and determine whether adjustments are needed.
Who is Responsible for Model Risk Governance?
The board of directors and senior management are responsible for establishing and governing a model risk management framework that fits into the broader risk management of the firm. The board will often delegate the execution of the framework to senior management. Some of these responsibilities include establishing policies and procedures, aligning staff, overseeing development, reviewing validation, and taking remedial action as needed. The senior management team will also provide regular reports to the board, who should in turn ensure that the level of model risk is within their tolerance.
Furthermore, an internal audit function should be in place to assess the effectiveness of the firm’s overall MRM framework. The audit should look at the framework’s ability to address risks of both model misuse and model malfunction. Audit findings should then be documented and reported to the board.
Efficient Model Risk Governance
Model risk governance is critical in preventing costly consequences from misused or defective models. However, teams are faced with outdated inventory and governance tools that cannot keep up with the current imperatives of model risk management.
Evalueserve offers innovative services and tools to ease the burden and enhance your model risk management strategies. We combine domain knowledge with automation and AI to work with model governance teams across the value chain. In fact, Evalueserve was recently named a Category Leader for Model Risk Governance solutions in Chartis Research’s RiskTech Quadrants.
Check out our Model Risk Governance page to learn more about how our solutions can help enhance oversight, simplify governance, and ensure compliance.