The number of models used by large operators in the financial sector is increasing by around 10 to 25 percent per year. Most of the new models are designed to meet business needs, such as pricing, the definition of strategic plans and the management of liquidity. Some, though, are for new activities, such as the analysis of big data. These models are also increasingly sophisticated. For example, for the management of customer relations or fraud monitoring and anti-money laundering activities.
Companies integrate both new and old models into company processes, exposing institutions to an ever-increasing level of model risk and the consequent operating losses. Regulators, therefore, require financial sector operators to identify, map, mitigate and monitor model risk.
Banks assess model risk the same way as any other financial risk affecting their capital base, and banks are expected to identify a system for its quantification. If a bank doesn't do this correctly, the business will not be in a position to determine the right capital requirements to cover the model risk, and therefore meet potential losses.
But how can financial operators ensure that their model risk management system is able to correctly determine this value?
Model governance as a step in the model risk management framework
A model risk management framework aims to guarantee the right level of control for banks to use on all models supporting corporate processes. The framework, therefore, assumes a broader scope and includes all model governance activities. The lines of defence play a key role in the process of model risk management. The policies and procedures define roles and responsibilities for the whole life cycle of the model, from origin to disposal.
A well-structured model risk management framework should optimize the activities of control functions, correctly assigning tasks to the three levels and ensuring an effective and efficient model risk control system.
The model risk management framework should, therefore, define the right level of controls to use. This, in turn, depends on the impact of a possible error in the model on the company's performance and reputation. The system should also include management of a model library that identifies managers, stakeholders, key characteristics and the use of each model. Banks have to develop an inventory that clearly allows them to classify all their models. This enables a bank to govern and adequately manage model risk exposure based on the overall organizational risk appetite.
Model risk management
The issue of model risk management has therefore started to extend significantly beyond model governance, particularly in Europe. New requests coming from the European Banking Authority are pushing organizations towards a new approach of a model risk management framework that builds a culture of model risk governance.
Model risk governance and organizational structures are both integral parts of the model risk management infrastructure. There are two distinct levels of governance: one to cover the phases of the model life cycle, and the other for use by senior and top management.
Two teams for model risk management
The model risk management function should contain two teams, one responsible for governance and one for validation, with different tasks and responsibilities. The governance team will be in charge of defining the standards for the development, inventory and validation of the models, as well as identifying the roles, skills and responsibilities of the various stakeholders. The validation team will be responsible for the technical validation of the models. Each of these must be based on a well-defined, regulated and monitored process with a clear approval workflow.
There is nothing new about model risk management, but there is some urgency to this process. An integrated model risk management system is essential for reliable model performance. This translates into strong mitigation of the associated risk and a substantial reduction in related costs. Model risk management is, however, becoming a fundamental part of risk management in financial services organizations precisely because model risk continues to increase.
A broader model risk management approach aims to create consistency between the materiality thresholds defined by the company (based on the characteristics of the model and the company risk profile) and the controls. This can only be done by classifying the models to determine the appropriate level of risk to be mitigated. By integrating model risk with the risk appetite of the entire institution, the organization can obtain a clear and complete view of its exposure and the required level of controls.
New model risk governance and management challenges: Artificial intelligence and machine learning models in financial services
Financial services regulators across the globe are now paying attention to the use of AI and machine learning models. An example is the Federal Reserve’s "Guidance on Model Risk Management" (SR Letter 11-7) that highlights the importance to safety and soundness of embedding critical analysis throughout the development, implementation, and use of models, which include complex algorithms like AI.
AI, as well as machine learning, is likely to present some challenges in the areas of opacity and explainability. Recognizing there are likely to be circumstances when using AI is beneficial, even though it may be unexplainable or opaque, AI and machine learning should be subject to appropriate controls governance. All challenges can be covered with a robust model risk governance and management framework.AI, as well as machine learning, is likely to present some challenges in the areas of opacity and explainability. Click To Tweet
To learn more about AI in banking and risk management, please check out the survey from the Global Association of Risk Professionals (GARP) and SAS about how AI is transforming financial services.
What are the results of an appropriate model risk management system?
A correctly implemented model risk management system will allow companies to make a more efficient allocation of resources and maximize the benefits obtained from investments. It will also drive increased efficiency in the control system linked to the organizational models. A strongly integrated model risk management process can, therefore, lead to better use of capital, lower capitalization in the face of correct risk mitigation, and greater profits, generating a competitive advantage for the institution.