Financial Institutions (FIs)

The recent market volatility and macroeconomic trends demands a significant change in the models used by banks (e.g., business, risk, compliance). The fact that this could alter and impact the  model outcomes, FIs realize the need for a strategic change management process built around strong governance to facilitate effective implementation and compliance with MRM standards.

Inadequate practices and standards regarding model development and usage has led to widespread attention and exposure while also facilitating sub-optimal lending decisions, and pricing that can impact financial performance. This then may lead to a domino effect on steering parameters of FIs, including profitability, operational efficiency, capital requirements, etc. This is evident across models covering credit risk, market risk or operational risk, and even include models enhanced by machine learning (ML) and artificial intelligence (AI).

According to Haie Lawrenz,  a member of KPMG’s Global Model Risk Management Working Group: “The global financial crisis showed us that model risk is real and that the consequences can be far-reaching. In the past some banks have suffered from significant financial and reputational damages due to the use of uncalibrated models or the use of inappropriate models to address considered risks. Additionally, the importance of models for business decisions have increased significantly as we see the inclusion of AI and ML models in the new digital business models and sales channels.”

Regulators meanwhile are intensifying their focus on Model Risk Management (MRM), with regulatory inspections and exams connected to MRM increasing and regulators publishing new guidance. Most FIs implement their general approaches to MRM based on the requirements of the US Federal Reserve/OCC’s SR11-7 guidelines. Since then, other significant initiatives — including the European Central Bank's (ECB) Target Review of Internal Models (TRIM) in 2017, the ECB guide to internal models in 2018, and guidance from the Bank of England (BOE) Prudential Regulation Authority (PRA) - continue to emerge and significantly evolve as supervisors aim to contain model risk through  enhanced MRM governance and concepts.

“We are experiencing an increasing demand in stakeholder expectations which is driving a positive impact on risk management. Regulators, shareholders, and board members around the world are pushing for an increase in sophisticated risk management protocols across at an enterprise level covering capital, liquidity, and even credit and cost forecasting. Regulatory attention on this matter is accelerating the level of guidance provided to FIs to help them drive progress towards a more effective and efficient model validation value chain.” Mahesh Balasubramanian, Partner, and Financial Services Lead, KPMG in Bahrain.

Forward-focused FIs have already embraced the concept of MRM, and realize its critical importance to their operations, growth and future prosperity. However, we are still witnessing many FIs struggle to meet the complexities and challenges posed by the regulators, particularly in relation to the typical model approaches and the diversity of the environments in which models are used.

MRM is still significantly underappreciated which has led to the risk of many FIs developing short term solutions with limited strategic benefit and scope. Emerging technology and AI are taking MRM to the next level and is rapidly becoming a steady feature in digital sales channels for various client and sales channel applications. However, many FIs lack even basic MRM governance exposing themselves to significant operational and financial model risk.

There are five leading challenges in today’s global markets that need to be considered by FIs to create an effective and sustainable MRM function:

1. MRM framework: Banks generally use models to support decision making, financial and regulatory reporting, and to provide predictive information across their business functions. As a result, they are exposed to potential risks arising from the use of models and need to establish an appropriate MRM framework with clear model definitions that better serve the industry and their asset class.
2. Model inventory and tiering: The heart of MRM is usually a model inventory, which includes all models that fulfill the regulatory guidance as well as the internal definitions of a model. Based on the implications of a model ‘going wrong,’ FIs generally categorize their models as high, medium, or low risk. Unfortunately, precisely defining what constitutes high, medium, or low risk requires conceptually is posing challenges. FIs should decide on the relevant factors to consider when tiering models, such as materiality, impact, uncertainty, regulatory implications, etc. Regulators expect transparency in the classification methodology, the use of limited subjectivity, and clear documentation of all assumptions and rationales for conclusions.
3. Model lifecycle: While the inventory is a critical part of the MRM, it is also essential that the model lifecycle needs to address the different phases right from development to initial validation, approved usage, transparency, accountability and eventually its final decommission to mitigate model risk.
4. Communication: Communication, both internal and external with stakeholders, throughout the lifecycle is critical to the success of the MRM, i.e., for management, validation, external communication with supervisors and regulators, etc. It is also very important to embed the model risk culture and mindset across the organization.
5. Technological environment: Recent technological advancements has aided the MRM setup quite significantly and provides a holistic view of model risk across the organization. It may be developed internally or through the support of an external vendor or managed services in a strategic environment with consideration for flexibility and economic tactical solutions.

MRM not managed is a real threat for FIs and the impact from the risks can be far-reaching. With the increased scrutiny from regulators FIs need to ensure that they maintain an effective and sustainable MRM. While governance is key, MRM standards must factor in the treatment and management of AI/ ML models into their governance.

While FIs focus on the validity of their individual models, the efficacy of the controls implemented covering the design, development, revision, and use of models is also paramount.

Haie Lawrenz further adds that “Based on regulatory requirements highlighted in a current regulator’s guidance and consultations, many banks are struggling to meet their mandate and need to urgently prepare and enhance their MRM governance to ensure that they are not impacted by their exposure to model risk as well as any regulatory gaps within their models or MRM-framework.”

Additionally, MRM is an emerging risk, especially for audit committee members, as FIs increasingly rely on a significant number of models for business and risk management purposes.

Title: A structured model landscape enables FIs to better understand model risk. Models are generally clustered in categories. The number of models within an institution can be from a lower two-digit number up to even >1000 models.