The Emergence of Enterprise Model Risk Management


Model risk management (MRM) is not a new topic; financial institutions have been relying on models to support their decision making for decades.

Recently, however, the MRM discipline has become more formalised and rigorous. Regulatory activities, such as the recent European Banking Authority's (EBA) Targeted Review of Internal Models, require banks to put extra compliance effort into the management of their models. In parallel, developments in big data and IoT – as well as new regulations such as IFRS 9 and the Fundamental Review of the Trading Book – are pushing banks to develop additional models that will also have to be properly managed.

In order to address the above, financial institutions around the world are increasingly looking for skilled MRM professionals and new supporting systems that will help to tackle these challenges in the most efficient manner. Managing model risk requires a broader perspective and should not rely solely on the more traditional approach of model validation activities focused on individual models. Instead, organisations should focus on enterprise-level exposure to model risk and manage it like any other financial risk.

Model risk, scope and impact

For the purpose of this article, let’s adopt the EBA’s definition of model risk:

Model risk comprises two distinct forms of risk:

  • Risk relating to the underestimation of own funds requirements by regulatory approved models... and 
  • Risk of losses relating to the development, implementation or improper use of any other models by the institution for decision-making

The implications of the second bullet above are quite broad. Regulators are shifting their focus from regulatory models alone to any important models applied by banks, to ensure that important business decisions are backed by sound analytical processes. With the number of models at larger banks easily reaching hundreds or sometimes even thousands and constantly increasing (according to McKinsey, the increase could reach 10-25% every year), financial institutions are also realising they need to start addressing model risk more holistically and cover the entire spectrum of models used across their whole organisation.

Model risk can arise from deficiencies in any of the processes within the modelling ecosystem (figure 1 below). Whether it is bad data quality, wrong model development assumptions, incorrect recoding of the model from development into the production environment, or just lack of proper approvals, the result is the same: a model that should not be used for decision making.

Figure 1: Model risk management at the heart of the modelling ecosystem

Therefore, it is important to realise that the maturity level of the underlying processes in the modelling ecosystem will heavily influence the effectiveness and efficiency of MRM activities.

And there are good reasons to ensure your models are in good shape. For example, in The Future of Bank Risk Management, McKinsey refers to the case of a large US bank that had losses of US$6 billion, partially due to value-at-risk model risk, and to a large Asia Pacific bank that lost US$4 billion when it incorrectly applied interest-rate models.

On the regulatory side, we have also seen banks forced by their regulators to take on extra capital worth billions of euros due to deficiencies in their regulatory models and the governance around them. That is a great motivation to make sure that your MRM processes are in good shape. Good examples of the most recent regulatory developments in this area are the Prudential Regulation Authority’s increased focus on the management of model risk within the stress testing context, and the European Central Bank’s formal expectation that institutions implement an effective model risk management framework for all models in use, not just the internal models for Basel purposes.

Embedding effective and efficient enterprise model risk management

The five key principles below are vital for the successful design and embedding of an MRM framework:

Figure 2: Components of a model risk management framework

1. Cover the entire modelling spectrum, but make sure you prioritise

To make this a truly enterprise-wide activity, make sure you have all models in your inventory, and be sure that you cover all the processes in the model life cycle that expose you to model risk. Then use this holistic view to identify the focus areas and apply model governance to embed controls and checks according to the materiality of each model. This will allow you to deploy your limited resources efficiently to improve models in the areas where your institution is exposed the most, and monitor the areas that do not require immediate attention.

2. Quantify and report on MRM

What gets measured, gets managed and gets done. If you can quantify model risk and report on model risk exposure and concentrations at the model portfolio level, aggregate it up to a model risk profile and appetite, and monitor it on an enterprise level, then you will help increase awareness and ensure problematic areas get the attention they deserve.

3. Automate and standardise where you can

All activities within the modelling ecosystem are heavily interrelated (figure 3 below), and any manual handover between them (e.g., data exports and imports between various systems, or manual recoding of developed models when brought into the validation/deployment environment) creates a potential for something going wrong.


Figure 3: Interferences within the modelling ecosystem

The more you automate, the less exposed your institution is, and the less effort it takes for the MRM team to check and approve things. A number of institutions also use a variety of different tools for development, validation and the deployment of models. All this requires maintenance of parallel skill sets, which is expensive, and also creates inefficiencies when models are moved from one environment to the other.

4. Use the support of dedicated model risk management technology

To facilitate automation and efficient deployment of the MRM framework, institutions need support from a robust and flexible MRM system (figure 4 below) that will act as the central model risk information hub and can scale the governance and information requirements up and down based on the applied model risk classification and quantification methodology.

Figure 4: Role of the Model Risk Management System

This is crucial for minimizing the administrative burden for the majority of modelling stakeholders, which in turn is imperative for smooth adoption of the MRM framework within your institution. Furthermore, the MRM system should contain predefined model-risk-specific content and capabilities that will further streamline the rollout of the MRM framework.

A number of institutions have already tried to leverage their operational risk systems for model risk management purposes as well, only to find out that they still need to perform significant customizations to capture all specifics of the modelling ecosystem (e.g. model relations, data sources and data quality) and will still lack specific quantitative capabilities (e.g. model performance measures) that are not needed for operational risk management but are crucial for efficient model risk management.

5. Focus on achieving business benefits and evolve over time

MRM should not only be seen as a “loss preventing” initiative – it can actually generate a lot of business value as well. Large institutions can easily have 500-plus people involved with various activities within the modelling ecosystem. MRM processes and systems can improve their ability to share and reuse information, data, modelling concepts and scripts, and reports, thus increasing their efficiency.

Combined with MRM-triggered digitalisation and standardisation, this not only significantly reduces operational costs, but also vastly speeds up the entire modelling process, and ultimately improves the time to decision – which is very much needed in today’s agile world.


According to McKinsey, institutions can save up to 20%-30% of their modelling costs thanks to the improvements introduced by an efficient end-to-end MRM framework.

The more holistic and integrated the approach you take, the more benefits and synergies of scale you can achieve. At the same time, the impact on the organizational structure and technology landscape should not be underestimated and should be carefully managed.

Therefore, MRM transformation programs should not arrive as a revolution but should gradually evolve over time and be accompanied by adequate change management support. By starting with the replacement of their legacy approaches (Excel/SharePoint-based), banks can achieve quick wins and then transform into a dedicated MRM approach to deliver compliance. This will enable them to embark on a journey towards an efficient and mature MRM ecosystem (figure 5 below) where the synergies and efficiencies can be generated.

Figure 5: The roadmap to MRM efficiency and maturity

Highlighting these benefits will help you secure the needed buy-in for the initial investments and counter the resistance to change within your organisation.

How can SAS help?

For decades, SAS has been the recognized leader in the Data Preparation, Modelling, and Analysis & Reporting areas. By combining these key strengths with industry expertise and a proven track record in risk management, SAS is uniquely positioned to fully capture the end-to-end modelling ecosystem in order to maintain the enterprise-wide perspective on Model Risk Management and achieve significant efficiency improvements along the way.

With dedicated modules covering each of the crucial areas within the modelling ecosystem, SAS can streamline the modelling activities and facilitate the automated exchange of relevant information about models and their relations. Using dynamic workflow capabilities, the SAS Model Risk Management solution can flexibly scale up or scale down the governance requirements according to the specifics of each institution, each model group and each stakeholder group. This solution contains all the prerequisites needed for reaching the target state on the roadmap to MRM efficiency and maturity.

By leveraging the capabilities above together with industry-proven Model Risk Management expertise and content, SAS can help your institution to quickly generate the first benefits and then evolve into a truly Enterprise Wide Model Risk Management approach.



About Author

Peter Plochan

Peter Plochan, FRM, is a Senior Risk Management Consultant at SAS, assisting financial institutions in dealing with their risk management challenges around risk regulations, ERM, risk governance, and risk analysis and modelling. Peter has a finance background (Master’s degree in Banking) and is a certified Financial Risk Manager (FRM) with 10 years of experience in risk management in the financial sector. He has assisted various banking and insurance institutions with large-scale risk management implementations (Basel II, Solvency II,…), and has worked both internally and externally as a risk management advisor (PwC). In his free time Peter enjoys reading books (fantasy / sci-fi) and plays Capoeira.
