Model Risk Regulatory Framework: challenges to managing model risk


At this point in time, Model Risk Management stands at the forefront of risk management for many of today’s financial services organizations. The majority of financial institutions are in the process of developing Model Risk Management frameworks to mitigate model risk and to become more comfortable with their models. However, the concept of model risk is comparably new and still evolving. In this article, I review the current state of model risk awareness in the financial services industry by focusing on the following areas:

  • provide an overview of the regulatory regime in the EU related to Model Risk Management framework
  • present significant challenges that exist in building an efficient model risk management platform

Recent regulatory references on Model Risk and Model Governance framework are driving the demand for Model Risk Management technology. These adjustments increase the Model Risk Awareness and reinforce the need for financial services firms to establish a Model Risk Management framework to effectively identify, understand and manage model risk, as well as to govern the entire model lifecycle.

Model Risk: The (EU) Key Regulatory References on Model Risk Management Framework

The last developments in the regulatory regime related to the new risk type, known as Model Risk, request from the Financial Institution’s to have in place a framework that allows them to manage its model risk.  In European regulations, there are certain statements that must be considered by Institutions as a guidance on how to identify, understand and manage model risk. These statements are expressed as guidelines from the following references:  Capital Requirements Regulation and Directive (CRR/CRD), the project of Targeted Review of Internal Models (TRIM) and the European Banking Authority (EBA), on Supervisory Review & Evaluation Process (SREP) as well as on Prudent Validation (Regulatory Technical Standards).

Capital Requirements Regulation & Directive (CRR / CRD IV)

The emphasis on model risk began officially with the Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013. Under the specific Directive is provided the definition of Model Risk (Article 3, p. 4), as well as the need of institutions to have in place policies & processes to evaluate and manage the exposure of Model Risk as part of Operational Risk (Article 85, p. 59).

EBA Guidelines on common procedures & methodologies for the supervisory review & evaluation process (SREP)

According to these EBA guidelines (EBA/GL/2014/13) Model Risk covers two distinct forms of risk:

  • risk relating   to   the   underestimation   of   own   funds   requirements   by regulatory approved internal models
  • risk of losses relating to the development, implementation or improper use of any other models by the institution for decision-making

EBA Final Draft Regulatory Technical Standards on Prudent Valuation

Guidelines (EBA/RTS/2014/06) on calculation of model risk through valuation adjustment associated with existence of a range of different valuation models or model calibrations.

European Central Bank: Targeted Review of Internal Models (TRIM)

The targeted review of internal models, or TRIM (Guide published February 2017), is a project to assess whether the internal models currently used by banks comply with regulatory requirements, and whether they are reliable and comparable. A key part of the TRIM project is its focus on Model Risk Management. Compared to the above regulation and guidelines, TRIM guidelines are more standardized and defined under a framework for model risk management. Some of the its major guidelines are included below:

  • Guidelines for a model risk management framework in place that allows an institution to identify, understand and manage efficiently model risk (similarly to any other risk category). This framework should include the following:
    • A model inventory that allows a holistic understanding of models application and its usage
    • Guidelines on identifying and mitigating the areas where model deficiencies are known
    • Definitions of roles and responsibilities across the institution
    • Definition of policies, measurement methodologies and reporting
  • Even though TRIM focuses on internal models, institutions are expected to implement an effective model risk management framework for all models
  • Guidelines for proper model development and implementation. The model development process and its proper documentation are explained. In addition, guidelines are provided for data quality, model testing, and the establishing of model requirements
  • Guidelines for model use, model testing
  • Guidelines for the processes of model validation and the key elements involved
  • Guidelines for developing and maintaining appropriate governance, policies and controls over the model risk management framework
  • Guidelines are set for the internal audit process of the risk management unit
  • Guidelines are set for the appropriate documentation required throughout the model risk management framework

Affected by these set of principles included in European Central Bank’s (ECB) Guide, a model risk management framework is formed as an international standard. In response to these supervisory principles and developing the mentioned framework, financial organizations need to implement the guidelines and enhance their operational processes as well as their technological infrastructure through the assessment of all the related factors.

It’s clear from the above last amendments in the European Regulatory Regime related to Model Risk that the European Banking Authority (EBA) and European Central Bank (ECB) will focus their regulatory efforts on Model Risk Management framework, taken for granted that models and data are considered strategic assets and must be managed as crucial inputs to decision making process.

Model Risk Framework

Key Challenges associated with a Model Risk Management Framework

Although Model Risk Management stands at the forefront of risk management functions for many of today’s financial institutions, there are still important challenges for them in building an efficient model risk management framework. These consist of a) Governance Structure (Roles & Responsibilities), b) High volume and governance of the documentation, and c) Management of model changes

1.Governance Structure (Roles & Responsibilities):

Many financial organizations still believe that model risk management should be driven by the risk departments of the institution. However, these divisions cannot always understand all the details of the model through its entire lifecycle. This problem is overstated by the fact that models are getting large in number and even more complex to understand them than ever before. Additionally, in most of the cases, models do not operate in an isolated environment, there are multiple groups of users working on the same model. Generally, there is a development team which is responsible for the model development part, while, for the deployment part is usually responsible an IT team. Over and above all this, there is a senior management team which is responsible for monitoring all these groups and evaluating the risk. Subsequently, a challenge for financial institutions during the development of a Model Risk Management platform is the clear identification and determination of appropriate roles and responsibilities.

2.High volume and governance of the documentation:

Without adequate, proper and up to date documentation, model risk management will be useless. According to the new regulations (i.e. ECB’s TRIM project) financial services firms will need to develop comprehensive documentation of the technical features of the model (i.e. methodology, assumptions, model usage, etc.). These documents should be sufficiently detailed so that third parties would be able to understand how the model operates. Thus, a clear challenge for the organizations is the fact that they need to document each model, the purpose of the model, the technical aspects of the model, etc. This challenge is exaggerated by the fact that with new regulations (i.e. IFRS9, FRTB) being rolled out, banks will need to develop and maintain more models with further complexity to meet new compliance requirements.

Further regulatory requirements exist for the governance of the documentation on models. The financial institutions should have in place processes and policies for document management that identify and define roles and responsibilities for each involved party (in the model lifecycle) when approving or making changes in the respective model documents.

3.Management of model changes:

Consistent with the latest regulations (i.e. EU 529/2014 RTS on model changes, ECB’s TRIM project) a financial institution’s model risk management framework should meet key requirements such as having principles for management of model changes. Based on these guidelines an enormous challenge for the organizations is that they should have procedures to identify, implement, approve and monitor model changes as well as to notify and apply for permission to the involved parties with respect to such changes. Moreover, an effective model risk management framework should contain metrics for the impact assessment of the performed changes as well as must define the responsible unit or group of people to conduct the assessment.


Financial services firms are expected to ensure that their Model Risk Management framework is consistent with the latest EU regulations. The organizations whose model landscape is not compliant and up to date will need to invest and enhance. However, these last developments in the regulatory regime should not just be thought as just an obstacle to overcome, but as an opportunity to elevate the model landscape to a comprehensive framework that will add value to the business decision-making process, beyond compliance.

What we should do?

My next article will cover more details about the project of Targeted Review of Internal Models (TRIM), and explain how organizations can take action to manage the regulatory requirements as well as the challenges of this project.

Learn more

The risk and compliance agenda is more crowded than ever. Financial institutions continue to feel pressure from regulators, auditors, boards and investors to manage risk more proactively and comprehensively. Model risk governance is becoming more and more critical. As a result, financial institutions must operate their risk and finance functions in a more unified, cost-conscious and transparent manner that requires tighter organizational integration and more informed reporting.

Register now for the 2017 SAS EMEA Risk Executive Forum, where you’ll hear from industry experts about how these trends and changes will affect financial organizations, and from your peers about the lessons they have learned during the implementation of key risk initiatives.


About Author

Spyros Maltezos

Business Solutions Manager - Risk Practice, SEMEA

Spyros is the Business Solutions Manager-Risk Practice, for the office of SAS in Southern Europe, Middle East & Africa (SEMEA). By combining his 8 years of Risk Management experience with SAS Risk & Compliance Solutions he provides consulting services to financial institutions on matters ranging from governance, to risk and regulation. Previously he held Credit Risk Analyst position at one of the major Greek financial institutions, participating in key components of Credit Risk Management, including development and implementation of Credit Rating Systems using complex statistical packages.

Leave A Reply

Back to Top