In the ever-evolving landscape of financial regulations, staying ahead of the latest changes is paramount for institutions striving to maintain resilience and stability. Recognizing this imperative, the Office of the Superintendent of Financial Institutions (OSFI), Canada's regulatory authority, has recently announced updates to its E-23 Model Risk Management Guidelines. The revisions will lead to a broadening of the application of this policy to all analytical models Federally Regulated Financial Institutions (FRFIs) and federally regulated private pension plans (FRPPs).
Key Highlights
The latest revisions cover models utilized for non-financial risks, including climate, cyber, technology, and digital innovation risks. In alignment with the principles reflected in SR 11-7 and SS 1/23 guidelines, the proposed changes advocate for financial institutions to tailor their Model Risk Management (MRM) policies, procedures, and processes in accordance with their size and complexity. OSFI has adopted a principled approach, similar to other MRM regulations, providing explicit guidance on the roles and responsibilities of different teams and participants, such as Model Owners, Model Developers, Model Reviewers, and Model Approvers.
The updated E-23 guidelines extensively address topics that overlap with those in SS1/23, including aspects such as model risk rating, governance, and inventory. OSFI has additionally specified a set of characteristics that should be accessible upon request from the inventory. Notably, a point of divergence from SS1/23 and SR 11-7 is evident in OFSI’s view on Board of Directors responsibility for implementation and management of the model risk management framework. While acknowledging the necessity for senior management reporting, OSFI does not explicitly define the role of senior management in the implementation and monitoring of Model Risk Management (MRM). Nevertheless, the regulator has clearly outlined the minimum information that must be reported to all stakeholders, including senior management:
- Model types
- Performance of individual models over their model lifecycle
- Description of the operating environment in which models are used
- Exceptions from the organization's MRM framework
- Enterprise-level assessment of model risk
Another area which has not received a lot of attention is Post Model Adjustments (PMAs) and their treatment, where lot of scrutiny documentation and independent review is mandated by SS1/23.
OSFI has established seven principles with the aim of achieving the following outcomes:
- Adequate management of models throughout the lifecycle
- Proportional management of model risks (taking into consideration factors such as complexity and size)
- Comprehensive understanding and enterprise-wide framework for model risks.
The seven principles laid down by OFSI are:
Principle 1: Organizations develop, approve, and implement processes and controls that define expectations for each of the lifecycle components.
Principle 2: Processes and controls consider the organization’s size, complexity, and the usage of the model.
Principle 3: Organizations establish an MRM framework that provides an enterprise-wide view of their exposure to model risk.
Principle 4: Organizations maintain a centralized inventory, that is the authoritative record of all currently operational models and those recently decommissioned. This inventory remains continuously updated and is subject to robust control mechanisms.
Principle 5: Organizations have policies, procedures, and governing authorities for each phase of the model lifecycle, with expectations set according to the complexity and significance of the model.
Principle 6: Organizations recognize the interdependency between data and model risk and have adequate policies and procedures to govern the use of data in models.
Principle 7: The model risk rating scheme considers both quantitative and qualitative criteria, along with assessing the impact on downstream processes.
The expected effective date for the finalized guideline is July 1, 2025. The proposed adjustments, open to public input until March 22, 2024, mark a substantial step in enhancing the resilience and stability of Canada's financial system. The draft version of the revised Guideline E-23 will undergo further refinement based on feedback received during the consultation period, ensuring a comprehensive and well-informed approach.
How Evalueserve Can Help
Evalueserve's tech-enhanced managed services offering for MRM teams combines human expertise with domain-specific technology. Our MRM experts have extensive experience working with financial institutions across several different regulations. To further help our clients meet regulatory requirements, we've partnered with MathWorks to create a Model Inventory and Governance tool, MRMOne™. Trusted by a diverse range of financial services clients, including banks, insurance companies, and asset managers, MRMOne™ incorporates market-leading technologies. The platform is supported by a global team of quantitative, risk, analytics, and development specialists.
Key features of MRMOne:
1. Transparency on Model Risks:
- Facilitates faster and frequent communication to effectively address and stay on top of issues and risks associated with the models.
- Provides executive dashboards specifically designed for the model risk committee.
2. Audit Trails & Documentation:
- Ensures auditability and controls throughout the entire model lifecycle.
3. Model Validation Findings Tracking:
- Offers visibility into model and findings dependencies.
- Provides an overview and breakdown of findings by status, issue rating, due dates, and more.
4. Simplifying Workflows & Tasks:
- Lightweight and easy to work with, maintaining a balance between on and off the platform workflows.
- Reduces the cost of model governance functions and incorporates model attestation functionality.
