Models are used throughout banks and financial institutions to evaluate the value of stock prices and identify trading opportunities. With the advances in machine learning and artificial intelligence in recent years, model development and usage have become more widespread and complex.
While models are invaluable tools for financial firms, there is significant risk associated with the incorrect use of models or model malfunction. Decisions based on flawed or misused models can have dire consequences and be extremely costly.
The Evolution of Regulation
The 2008 global financial crisis changed many aspects of the banking world and was a turning point in how model risks were managed. After the 2008 crisis, financial regulators created specific model risk management (MRM) guidelines, where there previously were none. In 2011, the Federal Reserve and the Office of the Comptroller issued Supervisory Letter SR 11-7, still widely used today as the base of MRM frameworks.
While this set of MRM standards was initially intended for large banks and insurers deemed “too big to fail”, it wasn’t long before smaller financial institutions were expected to adopt them as well. In 2017, the Federal Deposit Insurance Commission (FDIC) announced their adoption of the Supervisory Guidance on Model Risk Management, extending its applicability to all institutions with over $1 Billion in total assets.
Model Risk, Defined
To better understand model risk, let’s take a look at what regulators have defined to be a model. The FRB(what’s the FBR?) defines a model as “a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.”
That’s quite a mouthful, but we can break the definition down into three simple steps: Data Inputs, Calculations, and Output. Simply put, a model will use a set of assumptions and conditions to convert a set of data inputs into a numeric output.
So, now that we know what a model is, what exactly is model risk? SR 11-7 refers to model risk as the “potential for adverse consequences from decisions based on incorrect or misused model outputs and reports” and outlines two primary reasons for risks to occur:
- Fundamental errors in a model that produce inaccurate outputs
- Incorrect or inappropriate use of a model or misunderstandings of a model’s limitations and assumptions
Risk severity can vary based on model complexity, levels of uncertainty around assumptions, broader usage, and potential impact. Events like the COVID-19 pandemic can also have huge impacts on model risk. Model malfunctioning was an unexpected impact of the pandemic, heightening risk to new levels.
Let’s Talk Consequences
Model risk can lead to poor decision-making, reputational damage, and significant financial loss. To demonstrate the potential severity, here are some examples:
- A global financial services leader used a fundamentally flawed Value at Risk (VaR) model, passing its VaR limits for almost a week and resulting in losses in the billions.
- A global equity investment firm lost investors hundreds of millions of dollars due to a coding error in a quantitative investment model. The firm had to pay back the losses along with additional penalties and suffered reputational damage resulting in billions lost in assets under management.
So, how can banks effectively mitigate these risks to avoid adverse consequences? By creating a robust model risk management framework inline with the guidance provided by SR 11-7.
Model Risk Management
A strong MRM function is imperative to mitigate model risks. The MRM value chain can be broken into three categories:
- Model Risk Governance: Model governance involves developing a framework that outlines a set of policies, procedures, and defined roles that formalize MRM implementation. The framework should be governed by the board of directors and senior management.
- Model Development: Sound model development is the first step in managing model risks. Prior to implementing models, components must go through rigorous testing, and each step of the development process must be documented thoroughly.
- Model Validation: After development, each model must be thoroughly, independently tested before being put to use. The validation process should verify that models are performing as expected and inline with their objectives while identifying possible limitations and their potential impact. Once a model is implemented, it should be monitored on an ongoing basis to ensure that it is continuing to perform as intended.
While MRM teams are fundamental to managing model risks, the increased usage of models across institutions is draining resources. The processes involved in MRM are largely manual and teams are struggling to keep up with demand.
While technology cannot replace the high level of expertise required to effectively manage model risks, it can certainly enhance it. MRM automation is steadily gaining traction due to its ability to scale MRM capacity without adding resources.
To learn more about model risk, effective model risk management, and how automation can enhance MRM, talk to one of our experts.