Control of Model Risk
Background
Models are central to many areas of Financial Institutions and are used for decision support, monitoring, financial / regulatory reporting, scenario analysis, stress testing and more. As models grow in volume and complexity across organisations due to international and national regulatory requirements, the risk of model error is also increasing and becomes a concern for Consumers, Investors and other stakeholders of Financial Institutions.
Model risks include (but not limited to) errors in the model design, analysis and development process, such as errors in data input, data processing, statistical analysis, assumptions, computer code. Potential for AI here.....
These models are typically used in one of the following categories:
-1. Credit Risk
2. Market Risk
3. Operational Risk
4. Liquidity Risk
5. Book, Economic & Regulatory Capital
6. Valuations/Financial Reporting/Budgeting
Establishing minimum standards and principles for effective management of model risk throughout the organisation ensures that:-
1. A repository/database of all models is maintained
2. Models are classed by Criticality, Significance and Importance; and categorised by Risk Type
3. Model requirements and scope are clearly defined
4. Model documentation is commensurate with the model's importance
5. Models are tested, and subject to appropriate review
6. The performance of models are validated regularly after implementation
7. Explicit approval is obtained before a model is used or changed
8. Models are used only in situations where they have been shown to be fit for purpose
9. Accountability and Ownership for the control of model risk is clear wherever models are in use across the organisation
Minimum Standards to Consider
1. Define Roles and Responsibilities - Individuals/Groups undertaking key roles must be identified at the outset of model development
2. Identify a Business Owner - The individual(s) responsible for setting the business objectives for new models and/or recommending enhancements to existing models
3. Determine Impact of Model Error - Assess materiality impact in the event of Model error. e.g. impact on P&L, Daily VaR or Financial Reporting. Determine expected and unexpected losses that could potentially be caused by model errors, and develop mitigation actions to reduce losses
4. Identify a Model Owner - The individual(s) responsible for maintaining the model, ensuring documentation is up to date, and that regular model evaluation is undertaken
5. Identify Model Developers - The individual or group who are responsible for developing the model
6. Identify an Independent Reviewer - The individual, team or peer group who will undertake an independent technical review of the developed model prior to implementation
7. Identify Approvers - The individual, team or governance committee who provides formal sign-off during the design, implementation and ongoing validation of the model
8. Implement Access Controls - Models must be implemented in a controlled environment with appropriate access restrictions through user privileges/roles and passwords including Separation of Duties.
9. Implement Change Control - Implement and document testing and change control procedures for the model which includes changes to model parameters and values