The financial crisis led to a deep reflection on the things that Banks and other financial institutions were doing wrong. The most significant factor that led to bad business decisions and in extend the results that we have all been experiencing the past few years, was uninformed analytics. This is what first caused the financial institutions and their regulators start talking about Model Risk. Now, more than ever, Model Risk is in the spotlight due to new regulations and standards, for example IFRS 9 and BCBS 9, that require the deployment of more models but also enforce the idea of model governance. It is evident now that Model Governance and Model Risk Management become an absolute necessity to avoid pitfalls of the past and drive successful results for the future.
Even though this is not a new subject for many, for the sake of consistency, I would like to attempt to define model risk. Model Risk is the risk of model failure due to incorrect inputs, flawed assumptions, and incorrect model design or model misuse. But having this definition as the basis of this discussion the first question that comes in mind is what the definition of a model is. According to regulatory definitions (Fed and the OCC) the term model refers to “a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.”
The model has three components:
- Inputs which may take the form of data (either “hard” or based on opinions of subject matter specialists), hypotheses or assumptions.
- A method, technique, system or algorithm for transforming model inputs into model outputs; it may be statistical, mathematical or judgmental.
- A reporting component which is the system for converting model outputs into a form that is useful for making business decisions.
Important to note is that the Regulators add that “the definition of model also covers quantitative approaches whose inputs are partially or wholly qualitative or based on expert judgement, provided that the output is quantitative in nature.” It is obvious that the concept of a model is rather broad, at least from a regulatory perspective, and some even say vague, leaving significant room for interpretation.
In this article we clearly focus on model risk for financial institutions and more specifically Banks, as the specific industry is significantly exposed to this risk due to the high dependency on predictive analytics for decision making as part of its day to day business processes. Predictive analytics drive a wide range of decisions across the credit life cycle, while the sheer volume of data available in analyzing detailed banking transactions supports a wide range of operational and financial risk modeling areas. Modeling touches virtually every decision area of the bank, from CRM and marketing campaigns to credit pricing and planning, capital stress testing and fraud management.
As it is clear to everybody, decisions based on incorrectly designed or implemented models, or even decisions influenced by misuse or misunderstanding the models, may negatively affect financial institutions in a number of ways, e.g. resulting in financial losses, capital or liquidity shortage or misallocation, loss of customers, flaws in regulatory or financial statements, regulatory penalties, etc. This means that model risk should be managed in a similar manner as any other type of risk. Banks should identify its sources and assess their magnitude in order to adequately and appropriately manage them.
Given all the above and driven by the adverse effects of recent model risk failures, regulators have increased their focus on this risk and are asking for stronger and more structured management of model risk. The U.S. moved first with the document by the Federal Reserve titled, ’Supervisory Guidance on Model Risk Management’, while the EU Regulator’s interest in model risk has been exhibited as part of the ’Supervisory Review and Evaluation Process’ that explicitly includes it in the scope of the review. Of course, the higher standards now required should be intended and implemented according to the materiality intrinsic in both the model and the institution.
Through regulation and experience relevant to the matter that has been accumulated throughout the past couple of years, to manage effectively model risk, it is essential that the entire model lifecycle (development, data management and deployment) is well controlled through a sound and robust governance framework, which is approved by the Board and overseen by the senior management. Managing model risk includes the design and implementation of a model risk management framework that formalizes the criteria to be followed in model development and implementation, ensuring their prudent use, establishing procedures to validate their performance and defining governance and applicable documentation criteria.
Important for any Governance Framework to be established successfully are three essential parameters, people, processes and systems. The same goes for Model Governance which requires any Bank to achieve a proper balance between:
- Modeling and Model Risk Management (MRM) human resources, i.e. organization structure.
- Robust MRM processes.
- Flexible MRM technology owned and operated by the MRM group.
As SAS we believe that technology is a significant factor that can effectively help financial institutions build a more robust Model Risk Management framework. Technology can significantly enhance the ability of any Bank to:
- Create and manage more models, as the circumstances require (Basel III, IFRS 9, Stress Testing, etc.).
- Do more model risk management, and do it more often.
- Improve institutional model risk awareness.
- Comply with regulatory requirements across the entire model life cycle and with more models in scope.
To find out more of how SAS can help you better design and built a technological framework that can support your Model Risk Management initiative have a look at our White Paper titled: “The Future of Model Risk Management for Financial Services Firms”