Financial professionals are increasingly using models for both financial and operational analysis. Models help them manage the risks of capital allocations and underwriting. They facilitate compliance with regulatory reporting requirements. Unfortunately, like all analytical tools, they pose risks of their own.
A model consists of three components: an information input component, which delivers assumptions and data to the model; a processing component, which transforms inputs into estimates; and a reporting component, which translates the estimates into useful business information. In practice, models can be thought of as quantitative simplifications of real-world mechanics and potential outcomes. Of course, simplification can lead to distortion, and those distortions can subvert the very purpose of models: to accurately predict outcomes.
That is precisely where Model Risk Management (MRM) can help.
Defined as the analysis and mitigation of risk associated with models used to make decisions, MRM optimizes model outcomes and reduces confidence error. But MRM also promotes institutions to generate effective governance structures, policies, and procedures; conduct data quality and model performance reviews; and establish ongoing monitoring and reporting standards. By using sound MRM practices, decision makers can fully understand the limitations of the models they use and contextualize the performance of these models over time.
Model governance is foundational to effective model risk management practices. Good governance structures can facilitate compliance with current laws and regulations through accountability, documentation standards, and oversight. Specifically, the modeling process should have model owners, institutional accountability (including for vendor models), an up-to-date model inventory, stakeholder involvement, appropriate management approval, and contingency plans.
After determining which methods, systems, and approaches are eligible for MRM, the organization must systemize the management and oversight of these functions through appropriate documentation and accountability.
- policies and procedures: given this level of regulatory attention, it’s important to formalize policies and procedures that govern the modeling process. The goal is to generate models which consistently produce reliable results.
- documentation: institutions also frequently struggle with model documentation. Especially in the case of a vendor-supplied model, banks often rely on boiler-plate model manuals or user procedures from the vendor that provide insufficient detail on the model’s methodology, limitations, and controls. The goal of model documentation is to communicate the function and methodology of a model to both users and non-users alike. Since these documents inform senior leadership, external parties, and regulators, consistent and thorough documentation practices are imperative.
- change management: change happens—often in the form of regulatory updates and emerging industry trends, sometimes in the form of a worldwide pandemic. Institutions should position themselves to address these changes through model upgrades or redevelopment. Both large and small updates can present new risk exposures, including third-party and operational risk. Fortunately, the change management process provides a structured way to implement model-related changes and minimize those risk.
- oversight and supervision: day-to-day MRM is often the work of subject matter experts in analytics, valuation, and compliance. However, even the best processes and controls are only effective if they are championed by leadership. Board and management oversight of models is critical. The MRM Policy should be reviewed and approved by the Board and any relevant management committees annually.
Effective model risk management starts with governance. The design of policies, procedures, and model documentation create consistent output from models that help institution leadership make better and more informed decisions. Effective change management and oversight allows for a transparent model creation and development process, which allows leadership to be more in tune with the risks the business is engaged in. These are the first steps that must be taken by any institution to implement model risk management for more informed decision making throughout the firm. As models continue to become more integral to the operations of instructions so does the importance of these elements for good governance.
Grant Thornton library articles: