In my recent blog, What is Model Risk?, I discussed how the increased use of models in banks has led to higher potential risk, therefore heightening the importance of model risk management (MRM). As more and more decisions are being made based on models, it becomes imperative for firms to have a rigorous MRM function in place to mitigate the risks of decisions based on flawed or misused models. In order for an MRM function to be effective, it needs strong model risk governance.
What is Model Risk Governance?
Model risk governance is outlined in Supervisory Letter SR 11-7, the holy grail of model risk management guidelines. The Federal Reserve and Office of the Comptroller state that model risk governance, “sets an effective framework with defined roles and responsibilities for clear communication of model limitations and assumptions, as well as the authority to restrict model usage.”
According to the letter, strong governance provides explicit support and structure through the following:
- Policies defining risk management activities
- Procedures for implementing those policies
- Resource allocation
- Mechanisms for testing that those policies and procedures are being carried out as specified.
There should be ample policies in place to address all aspects of model risk management, including assessment of model risk; model development, implementation, and use practices; model validation activities; and governance and controls. These policies must be reviewed annually and updated as necessary to ensure MRM practices keep up with changes in market conditions, bank strategies, activities, and industry practices.
Two key requirements of governance are model inventory and the documentation of model development and validation processes. Let’s take a deeper look at each of these.
To effectively oversee the model risk management framework, a bank needs to have a full picture of all the models that are in development, in use, or recently retired. This model inventory should contain information about each model, such as:
- The purpose for which the model was designed,
- actual or expected usage, and
- restrictions on use.
Some other useful information includes the type and source of inputs and underlying components of a model along with the outputs and their intended use. The inventory should also state whether models are working correctly, describe their last update, and name any policy exceptions. Other standard information to include are the name of individuals responsible for development and validation, validation dates, and the expected timeframe for the model to remain valid.
Model documentation is required at both development and validation stages. As a rule, this documentation should be detailed enough that someone unfamiliar with the model could understand how it operates, its limitations, and its key assumptions.
During development, documentation should be updated as the model application and environment changes. As for the validation process, each step needs to be documented, including ongoing monitoring, process verification, benchmarking, and outcomes analysis. Validation reports should list aspects that were reviewed, highlight potential deficiencies over a range of conditions, and determine whether adjustments are needed.
Who is Responsible for Model Risk Governance?
The board of directors and senior management are responsible for establishing and governing a model risk management framework that fits into the broader risk management of the firm. The board will often delegate the execution of the framework to senior management. Some of these responsibilities include establishing policies and procedures, aligning staff, overseeing development, reviewing validation, and taking remedial action as needed. The senior management team will also provide regular reports to the board, who should in turn ensure that the level of model risk is within their tolerance.
Furthermore, an internal audit function should be in place to assess the effectiveness of the firm’s overall MRM framework. The audit should look at the framework’s ability to address risks of both model misuse and model malfunction. Audit findings should then be documented and reported to the board.
Efficient Model Risk Governance
Model risk governance is critical in preventing costly consequences from misused or defective models. However, the detailed documentation that’s required usually consists of hundreds of pages…per model…for each step.
As the volume of models being used in banks continues to increase, it is becoming difficult for MRM teams to keep up with demand. While increasing headcount is costly and only adds minimal capacity, there are tools out there built specifically for MRM governance that can scale your operations and save you significant time.
Evalueserve has seen the strain that documentation puts on MRM teams and has created a solution. MRMraptor is an AI-powered tool that interprets your model test results and automates the creation of regulatory-compliant documentation, shortening model review time from months to weeks.
Connect with one of our experts to learn more about how MRMraptor can help strengthen your model risk governance function.