In my previous article I reviewed the current state of model risk awareness in the financial services industry by providing an overview of the EU regulatory regime related to Model Risk Management framework, as well as introducing some major challenges that exist in developing a Model Risk Management system.
This article, covers more details about the project of Targeted Review of Internal Models (TRIM), and explains how organizations can address the regulatory requirements as well as the challenges of this project.
In general, models are an inevitable feature of financial risk management. Since 2006, Banks under Basel II Capital Accord were heavily relying on internal models via the Internal Ratings-Based Approach (IRB), Advanced Measurement Approach (AMA-replaced by SMA on 2016) and the Internal Models Approach (IMA).
The Basel II Capital Accord involved greater reliance on the Bank’s internal expertise, internal risk methodologies, models, and risk-parameter estimates for the calculation of credit, operational and market risk exposures. Both approaches under Basel II constitute a framework that could give the ability to the financial institutions to model risk and specify risk appetite in a more accurate manner, which could consequently lead to a more precise calculation of regulatory capital requirements.
Motivation: Trust in Internal Risk Models needs to be strengthened
During the last few years, however, public stance towards internal models has declined significantly. More specifically, the European Banking Authority (EBA) launched on 4th March of 2015 a discussion paper regarding the future of the IRB Approach in which talked about “a lack of trust in the use of IRB models” as well as highlighted inconsistencies and high variability in the capital requirements calculated by different bank’s internal models. Indicatively, based on this paper some of the main sources of differences in RWAs that cannot be explained by the different risk management practices of the Financial Institutions are:
- The definition of Default
- PD calibration
- LGD calibration
Thus, in this paper EBA set out an agenda for further improvements and clarifications in the regulatory framework for IRB models.
Definition and Main Objectives of TRIM
Reestablishing the public confidence in regulatory capital ratios is considered a crucial goal for ECB and EBA. In this perspective, the European Banking Authority (ECB) has launched in 2015 its second largest project since the Comprehensive Assessment (2014), the Targeted Review of Internal Models (TRIM), which is already entering its second phase and it is expected to be finalized in 2019. According to the ECB, TRIM is a project to evaluate whether the internal models used by banks comply with regulatory requirements, and whether they are reliable.
The specific project has the following three major objectives:
- To restore credibility of the Pillar I internal models,
- Harmonize practices in relation to the use of the internal models across the Euro area and
- Ensure appropriateness of internal models when Financial Institutions use them to calculate their regulatory capital requirements.
Moreover, the ECB has issued on February of 2017 a Guide to TRIM with the intention of helping Banks to be prepared for the upcoming on-site inspections. The ECB will lead more than 100 on-site assessments in 2017 (they have already started from April), involving more than 600 people, at 68 Eurozone banks, covering approved internal models for credit (in 2017 focus only on retail & corporate SME portfolios), market and counterparty credit risks. It should be note that operational risk it is excluded for now, while the low-default portfolios will be included in the process at a later stage of the project. The main points of interest of these reviews will cover arears like i) modeling methodologies, ii) governance framework, iii) model risk management, iv) data quality, and v) documentation of all model life cycle processes. Hence, it is expected that the experience from the TRIM project will generate adjustments and improvements in the above arears as well as new regulatory developments for Banks in the near future.
TRIM has just started and its outcome remains uncertain, however it is expected that the ECB following the Guide’s standards and principles will require from the banks to address all the compliance breaches that will come up regarding regulatory requirements after the end of the on-site reviews. Furthermore, it is important to be mentioned, that any models adjustments that may arise could result in increases or decreases in regulatory capital needs for the Banks.
The Guide for the TRIM
The ECB has issued on February of 2017 a Guide to TRIM with the purpose of helping Banks to better prepared for the upcoming on-site inspections. The specific Guide presents the ECB’s proposal on the supervisory practices and how should be applied across the Euro area. Furthermore, the on-site assessments will be used to identify compliance gaps as against the standards and principles defined in the Guide. Finally, it should be note that the Guide will be further updated during the TRIM project, based on the results mainly of the on-site assessments performed during the TRIM on-site inspections.
According to the contents of the TRIM’s Guide the proposed EU regulatory framework will cover topics around the areas of modeling methodologies, model risk management framework, model validation, model processes, organization structure, data quality and detailed documentation of models. The purpose of this supervisory framework is not only to verify the compliance with the regulatory requirements set out in Capital Requirements Regulation (CRR), the Capital Requirements Directive (CRD IV), the European Banking Authority, etc., but also to establish regulatory harmonization among the Financial Institutions across the Euro area by defining best-practice approaches to Credit Risk, Market Risk, Counterparty Risk and general issues related to Model Risk Management.
TRIM driving the need for Model Risk Management (MRM) Framework
Compared to the other EU regulation and guidelines, TRIM guidelines are more standardized and defined under a regulatory framework for Model governance / Model risk management. TRIM project is the ECB’s first public MRM guidance and its structure in the form of generic principles is highly possible to form the basis of future wide expansion and enrichment of Model Risk Management regulation in Euro area. Consistent with TRIM’s regulatory requirements some of the actions that should be performed by the financial institutions so as to ensure compliance with the TRIM regulations are the following:
Identification and Measurement of Model Risk
According to TRIM principles Banks should be in the position to identify, understand and manage efficiently model risk. This creates an obligation for the Banks to define, classify (based on the level of risk) and register all existing internal models in a common inventory for better understanding of their application, materiality and usage. Furthermore, Banks must establish a transparent Model Risk Governance Framework that fully aligns all relevant model risk policies, model development & model implementation processes, and relative controls that cope with the entire model lifecycle.
Definition of the appropriate Organization Structure
Based on TRIM Guide the Banks should be able to define and delegate roles and responsibilities (based on the three lines of Defense) across the Organizational structure for the MRM framework. It is likely that new business teams with clear MRM roles (i.e. model user, model developer, model owner, model validator, etc.) and tasks need to be developed in order to design, develop, operate and maintain the required MRM framework.
Definition of the appropriate Documentation Templates for Internal Models
Consistent with the TRIM principles the Financial Institutions will need to develop comprehensive documentation of the technical features of the model. The proper template of documentation should include key variables, key data sources, model methodology, the findings of the validation process, model assumptions, algorithms, model changes and the limitations of the model.
Definition of the Internal Validation function
One of the key elements of an efficient MRM framework according to TRIM requirements, is the establishment of a robust and independent validation function within the organization. This function will be responsible for the independent validation of models across the areas of quality of the data used, model methodology, processes, policies and documentation. All internal models that involve risk should be subject to a thorough internal validation on an annual basis.
Definition of the Internal Audit function
Under the specific regulatory requirements, Banks should develop a process of independent checks of the quality of the validation of the internal models. In case that model deficiencies are identified the specific Internal Audit function should ensure that appropriate measures are implemented in a timely manner by the responsible parties in order to mitigate the impacts from the exposure to model risk.
In response to these supervisory principles and developing the mentioned MRM framework, financial institutions need to implement the guidelines and enhance their operational processes as well as their MRM technological infrastructure through the assessment of all the related factors.
Key Challenges associated with TRIM
With the ECB, on-site assessments already started from April, Financial Institutions are expected to verify in a very short timeframe that their organizational structure and governance, model risk management processes, policies, and practices are consistent with the TRIM regulatory requirements. Subsequently, the implementation of TRIM project poses several significant challenges to financial institutions. These include i) Organizational Structure Changes ii) High volume of data and documentation, and iii) Thorough Regulatory Developments happening in parallel with TRIM
Organizational Structure Changes – Business Workflow
Many financial organizations still believe that model risk management should be driven only by the risk departments of the institution. However, these divisions cannot always understand all the details of the model through its entire lifecycle. This problem is overstated by the fact that models are getting large in number and even more complex to understand them than ever before. Additionally, in most of the cases, models do not operate in an isolated environment, there are multiple groups of users working on the same model. Subsequently, a challenge for financial institutions in order to meet the new compliance demands is the development of new teams (based on three lines of Defense) with clear MRM roles (i.e. MRM Committee, Internal Audit, model user, model developer, model owner, model validator, etc.) and tasks. Additionally, it should be formed by the Banks a set of model risk governance and control procedures across the model lifecycle with clear identification of tasks and responsibilities among the interest MRM teams.
High volume of data and documentation
According to TRIM Guide the Banks will need to deliver a high volume of data & documentation in a very short timeframe with proper quality standards. More specifically, during the on-site investigations ECB will require frequent and timely data exchanges in order to verify the compliance of the Banks with the TRIM regulatory requirements. Without adequate, proper and up to date data and documentation, the percentage of compliance gaps regarding TRIM requirements for the Banks will be high. Thus, a clear challenge for the organizations is the fact that they need to have in place a governance and controls framework in the areas of data quality and documentation. This challenge is exaggerated by the fact that with new regulations (i.e. IFRS9, FRTB) being rolled out, banks will need to develop and maintain more models with further complexity to meet new compliance requirements.
Thorough regulatory developments happening at the same time as the ECB on-site investigations take place
Implementing IFRS9 regulatory framework by January 2018 is one of the most critical challenges that the Banks currently face. The specific framework requires the Finance and Risk divisions to make more effective their collaboration and at the same time the implementation of IFRS 9 poses significant challenges to Financial Institutions from data availability, data quality, model development and model deployment perspectives as well.
At the same time, the TRIM project requires Banks to cooperate in a closely coordinated manner. The ECB during the on-site inspections will require from the Banks frequent and timely data exchanges as well as meetings in order to discuss potential compliance gaps regarding regulatory requirements.
So, being able to manage requirements in parallel regulations as the ones above is critical. The more resources the Banks allocate along with the support of the appropriate integrated technological platforms the smoother the process will be.
The TRIM project is the ECB’s first public MRM guidance and its structure in the form of generic principles is highly possible to form the basis of future wide expansion and enrichment of MRM regulation in Euro area covering not only the Internal but all the risk models.
Financial Institutions are expected to ensure that their Model Risk Management framework is consistent with the TRIM guidelines. However, ECB’s project should not just be thought as just an obstacle to overcome, but as an opportunity to elevate the model landscape to a comprehensive framework that will add value to the business decision-making process, beyond compliance.
Insights to deepen your knowledge
The risk and compliance agenda is more crowded than ever. Financial institutions continue to feel pressure from regulators, auditors, boards and investors to manage risk more proactively and comprehensively. Model risk governance is becoming more and more critical. As a result, financial institutions must operate their risk and finance functions in a more unified, cost-conscious and transparent manner that requires tighter organizational integration and more informed reporting.
We recommend to you SAS Risk Webinar Series where SAS experts will present best practice based on real cases and experiences on SAS approach to be compliant with regulators requests.