Banks’ growing reliance on models as well as their increasing complexity with the advent of emerging technologies makes it imperative for banks to deploy a robust model risk management program. Recent guidance from the ECB, and its interim TRIM findings, also show that almost all investigated banks need to do better in this area – especially when it comes to data quality. Banks should act now to ensure they are prioritising the most important areas of model risk management.
Banks are relying more and more on models to measure and manage risk and facilitate their ever increasing scope of decision-making mainly to meet heightened regulatory requirements. In addition, the rapid use of emerging technologies such as machine learning also means that the models themselves are fast becoming more complex and opaque. In turn, supervisory and regulatory scrutiny of model risk management (MRM) has significantly increased in the past years.
Therefore it is crucial for banks, and Significant Institutions (SIs) in particular, to have a robust MRM framework. The European Central Bank’s (ECB) guide to internal models – general topics chapter (‘the Guide’) defines an effective MRM framework including written MRM policies; a firm-wide model inventory; a system of model classification; guidelines for model risk measurement; procedures for model risk reporting; and a framework for model risk governance. When it comes to model risk measurement, the Guide emphasises the qualitative aspects of model risk and the need for consistency across banking groups. Data deficiencies, model misuse and implementation errors are identified as examples of qualitative model risks. In recent years, the ECB’s focus has been on qualitative aspects of model risk, especially data quality, seems to be strengthening. This is illustrated by the ECB’s letter to banks in April 2019 setting out its findings from the Targeted Review of Internal Models (TRIM) project, specifically indicating that nearly all on-site investigations (OSIs) revealed issues related to data quality. The letter focuses heavily on inadequacies in data management and data quality processes, particularly in credit risk models and IRB modelling. Some of the most notable aggregate findings are that:
The findings unveiled under the data management and data quality processes largely include weaknesses in areas related to the data quality framework's governing principles, policies, the allocation of roles and responsibilities, the metric approach for monitoring data quality, and processes for data quality incident management and reporting. These findings support our own market observations, which suggest that poor data quality and insufficient model documentation are leading sources of findings raised as a result of model validation.
Even more recently, in July 2019, the ECB published a revised version of the risk specific chapters of the ECB guide to internal models. The amended risk specific chapters reinforces supervisory expectations relating to the maintenance and use of data. Key areas of change include data maintenance, the use of external data and ratings, and the interaction between model data, model processes and human judgement (see Figure 1).
All this means that many banks have work to do to ensure that they're meeting supervisory expectations on MRM – especially in relation to qualtitative aspects of model risk. In light of the revised ECB guide to internal models and the interim TRIM findings, we believe that banks should adopt the following measures, if they have not done so already:
Furthermore, the recent publication of supervisory priorities for 2020 (PDF 74 KB) including upcoming supervisory activities in relation to the European Banking Authority’s internal ratings-based (IRB) repair programme indicates that the supervisory focus on adequacy of internal models will continue to gain traction in the coming year. In this context, it becomes more critical for banks to establish a robust MRM framework in order to ensure suitable measures are implemented, so as to minimise the chances of models producing misleading or unwarranted results.
To sum up, MRM is not only a growing supervisory priority; it’s crucial to circumventing harmful decisions over numerous areas such as lending, risk management, provisioning and capital requirements. Therefore, a robust MRM framework is essential, and the ECB’s letter shows that nearly all banks could do better – especially on data quality aspects.
For more information, please click here to visit KPMG’s Model Risk Management (MRM) solutions and thought leadership hub page.