By Sridhar Sourirajan, Director, Risk Product Portfolio and Strategy, SAS
Analytical models are the lifeblood of modern financial institutions. Throughout their life cycle, they influence the needs of many different stakeholders throughout the organization. Negative consequences occur if business decisions are made as a result of incorrectly informed or incorrect model use – especially during stressful times.
Consequently, financial institutions are increasingly recognizing the need to marshal their resources to meet a variety of analytical and managerial challenges underlying current and emerging business and regulatory requirements. As they do, model risk management becomes a key competence. Historically, models were developed in silos without level of governance, which led to discrepancies in data quality, quantitative methodology, model application and validation processes. It is these shortcomings that model risk management is specifically designed to tackle.
The Progress in Model Risk Management
After the 2008 crisis, regulators increased their focus on model risk management significantly. The US Central Bank regulation SR 11-7 mandates, bank holding companies (BHCs) manage and control risk associated with models using rigorous design, implementation, and validation techniques. Model risk management became a critical component of stress testing programs, such as the Comprehensive Capital Analysis and Review (CCAR) in the United States and the European Banking Authority (EBA) EU-wide stress test. In these cases, banks must provide documented evidence of compliance with model management policies and procedures, model approvals by management, and evidence of effective challenges and their decisions.
In addition to BHCs, financial institutions everywhere – from asset managers to insurance providers – recognize that they need to do a better job of managing analytical models at the core of their investments, capital allocation, business performance, risk management and compliance processes.
Relying on legacy systems and processes: What could possibly go wrong?
There are various things that can go wrong in design, development, testing, implementation and use of models – which in turn leads to adverse consequences of decisions made using wrong output.
Relying on malfunctioning models or decisions based on wrong or abused model outputs results in model risk. Model risk can lead to failure to obtain regulatory approval of capital plans, financial loss, damage to a bank’s reputation, and loss of shareholder value.
There are two basic reasons why a model may be wrong or suffer performance (loss of lifting):
- A model is basically wrong because of wrong data, wrong design, wrong application of theory, a mistake in the mathematical calculations or wrong assumptions. Any of these errors will produce incorrect estimates that, when used against business goals, will inevitably result in decisions that lead to potentially negative effects.
- Model design and development is basically correct, but the model is misused or misused. A model designed for a specific situation can pose a high model risk when used in a different environment with different assumptions. It is very important to define a constraint and range for a model.
We can trace these challenges back to a lack of control over model management and workflow, as well as a reliance on older systems. For example, a recent one GARP-SAS model risk management study showed that many companies still rely heavily on traditional tools such as SharePoint. Such tools do not support the model management requirements in the future. Older systems suffer from a number of challenges, including:
- Database technology that is no longer supported by current enterprise information systems, making it virtually impossible to update and scale to meet new requirements.
- Lack of data integrity from inadequate system control.
- No audit trail, necessary management or records to document change management across different model inventory databases and other storage locations, e.g. Microsoft SharePoint.
- No data source integration, making it difficult – if not impossible – to track dependencies and correlation risk.
- A high risk of error due to the manual effort required to gather / consolidate data from many sources.
- Very limited reporting capabilities or increased reporting requirements that are handled manually.
Best practices for model risk management
To improve model risk management. You can establish controls and guidelines for measuring and addressing model risks at all stages of the life cycle. Examples of controls and measures include:
- Conduct a conceptual health assessment during the design phase.
- Review of peer reviews under development.
- Setting limits for model use.
- Conduct regular monitoring and maintenance reviews often after implementing a model.
To implement best practices For model risk management in your bank, you need the following:
- High data integrity and a single source of truth throughout the model life cycle and all related artifacts.
- Removal of manual reporting and implementation of executive dashboards.
- Planning and monitoring built into the system.
- The ability of the end user to respond to changes in data needs, workflow and reporting.
- Coordination between model development and validation team – including peer review.
- Creating a company-level model inventory.
Model risk management is the key to making your business sustainable
Many financial institutions are now aware that model risk management is about more than just regulatory compliance – it is an important business function if your business is to be sustainable.
Model risk management becomes a key competence that involves a change in culture and the adoption of best practices to measure and mitigate risk associated with the use of models. With a disciplined and aligned model development and implementation process, effective validation cycle management and a well-defined model application process underpinned by strong government policies, controls and governance structure, you are well on your way to a strong model risk management framework that fits into your company’s broader business, risk management and compliance -Goal.