Guide to Model Risk Management

Financial institutions rely heavily on quantitative analysis and models in most aspects of decision making. Organizations routinely use models for a broad range of activities, including underwriting credit, costing and pricing risk, determining capital and reserve adequacy, and many other activities. In recent years, models are applied to more complex situations with more ambitious scope, such as enterprise-wide risk measurement, while the markets in which models are used have simultaneously broadened and changed. Changes in regulation have spurred some of the recent developments, particularly the U.S. regulatory capital rules for market, credit, and operational risk based on the framework developed by the Basel Committee on Banking Supervision. The evolution of model risk management continues to be a key focus of financial services regulators and institutions as CCAR (Comprehensive Capital Analysis and Review) and DFAST (Dodd-Frank Act Stress Tests) rules have matured.


While the financial services industry and governing regulatory bodies continue to focus a large amount of attention and dollars on the creation of better quantifiable algorithms and models to predict and protect from the next crisis, there lies beneath these mathematical complexities a sleeping giant that if not adequately addressed by organizations, will leave these intelligent calculations ineffective. The heavy hitter regulations such as Basel and Dodd-Frank concentrate on the model data and results themselves, but the quiet force known as model risk management, is addressed most directly through guidance rather than prescriptive rules (such guidance is issued by the Fed, Supervisory Letter SR 11-7 and the OCC Bulletin, 2011-12, as well as bank examiner and other discreet supervisory practices).

As guidance is just a means of assisting, it allows every organization to choose a sensible framework that best meets its particular culture and organizational environment. However, guidance also leaves the door open to interpretation and that leaves an organization potentially vulnerable to regulatory scrutiny when determining how best to manage its model risk. This level of exposure leaves many risk managers concerned when approaching what can seem a daunting task of instilling a sense of control and process into the art of model development. Our experiences have shown model risk management compliance can be both manageable and highly beneficial to a bank’s overall risk management structure.

Setting up a model governance structure is analogous to establishing a system development lifecycle (SDLC). It is a necessary standard that offers a level of process and control, while facing similar organizational challenges when managing adoption and adherence.
Organizations that integrate model governance policies and procedures with existing IT SDLC processes, have a significantly higher rate of adoption and compliance success.
By adhering to an integrated approach when setting up a model governance framework, organizations can drive effective oversight, reduce model risk and move from mere compliance to business advantage.

The following are key operational elements to consider when establishing a model governance structure:

Assess your Model Risk Governance

It is vital to match the needs of the business and the organization’s risk appetite with the goals of the framework before developing and implementing a model risk management structure. To identify the critical gaps in your Model Governance structure, assess the maturity with the following preparatory questions:

A “Rapid Prototyping” approach can help to maintain controls while managing risk.

Design a Model Governance Roadmap

Following the assessment of your Model Risk Governance, time should be spent with key business, modeling, data, risk, audit and regulatory stakeholders to create a roadmap that lays out the path and timeline to develop the model risk framework so sponsorship is established at the onset of the transformation. Consideration as to whether the model risk management framework is to be centrally managed by one function vs. decentralized down into the business areas should be established up front. This will enable clear roles and responsibilities to be delegated as the roadmap is designed.

Aligning corporate goals to the framework objectives will help direct organizations down the most appropriate path between these critical decision points. Additionally, the acknowledgement of the corporate culture’s strengths and weaknesses will help determine how to implement the plan. For example, will the corporate culture accept a big bang approach to address a change required by a regulatory finding or will the organization need to take more time to execute through incremental enhancements?

Define Clear Roles & Assemble the Team

A talented team is at the center of model governance. It is important to consider the strengths required for each role and include resources who bring project management, technical documentation, audit, and business analysis skills in addition to deep quants to form a well-rounded team that is adept at addressing all the components of a successful risk management framework. The following are examples of key roles that all contribute to sound model governance practices:
How the team is deployed is an equally important consideration as you set up the model group. The organizational culture is key when determining the best deployment structure.
Understand which structure, whether it be centralized, decentralized or federated, will be met with the most acceptance across the organization to allow for ease of adoption and achievement of cross-organizational support of the new framework and team.

Develop a Comprehensive Model Framework

Model governance ensures that models are built, maintained and used in a repeatable manner that meets both the business objectives as well as the regulatory compliance requirements. Implementing an end-to-end model framework supports well-organized governance by defining the step-by-step process to build, test, document, implement, train users, monitor performance and operate these critical model lifecycle components. A standard and repeatable framework starts with comprehensive policies, procedures, and controls and facilitates common understanding across all model stakeholders.

It is important to also integrate detailed documentation and robust testing throughout the lifecycle. Regulators are focusing their attention not only on the governance process, but also on how comprehensive and usable model documentation and testing is to ensure repeatability, traceability and transparency across the organization. Model documentation conveys a model’s purpose, assumptions, key design decisions and limitations to users, facilitates a faster validation process, and greatly reduces key person dependency concerns. A formal testing structure ensures issues and errors are found early and reduces the risk of inaccurate model results.

The following are some best practices to consider when setting up a model framework:

Establishing a well-designed model offers benefits beyond compliance.

Focus on Data

Well managed model development extends beyond the model itself. Defining a consistent process for managing information as inputs and outputs of models is also critical for achieving strategic business objectives and ensuring models accurately reflect logical outcomes.
As detailed in Clarendon Partners white paper “Compliance Driven Business Value”, regulations such as Basel 239 are requiring financial institutions to demonstrate that their data governance policies and procedures also align with organizational practices such as information security, legal and compliance policies.
This requirement for effective management of data across the organization requires a holistic view of how the Enterprise Data Management (EDM) structure ties in to the model framework in order to provide the required transparency from reporting all the way through to the data elements themselves. As previously stated, a key step in accomplishing this task is to involve enterprise data management stakeholders early in the model governance framework development. This will ensure governance policies are in synch and buy-in is gained to aid in integration across the organization.

Enabling Organizational Growth

A governance standard that is adopted across the organization will improve the understanding of the model by the business and allow the model in part or whole to be reused for other business purposes. This reusability helps the organization make better informed decisions, improve risk management practices and gain competitive advantage. Additionally, a well-planned approach will result in better models and thus avoid big losses which would more than offset the cost of good governance. For example, while regulators may agree with a bank’s model structure, if they are not comfortable with the controls around the governance process, they may reject the required filings or worse, fine the organization for a lack of control. By making strategic and tactical investments in a model governance framework, leaders can transform organizations to not only reduce enterprise risk, but to also progress the success of the overall business goals.
Share this page: