As banks begin to approach the $10 billion asset threshold on their path to growth, it is important to strengthen the risk management function, including how banks conduct model risk management activities within the organization. The following outlines key questions, focus areas, and best practice considerations to help improve the model risk management program.
Assess the Strength of Model Risk Management: Questions to Consider & Key Focus Areas
Banks should use the following focus areas as a gauge in evaluating their readiness and approach to model risk management as they approach $10 billion in assets.
- Is the model risk management program ineffective or in development? Having a well-developed model risk management program provides the necessary foundation to help manage model risk. Banks should prioritize their model risk management development long before they cross the $10 billion threshold.
- Is adequate governance on model risk management in place? There should be a designated committee created to assume ownership of model risk management and report to the board of directors.
- Does the model risk management group lack appropriate staffing? Banks need experienced, knowledgeable professionals, commensurate with the number and complexity of models in the inventory.
- Is there a strong model identification process? The definition of a model from the regulatory guidance must be interpreted by the bank in order to develop a process for model identification. The process should be universally understood and applied throughout the lines of business.
- Does the model inventory feel too light or too heavy? Banks should evaluate whether they have a rigorous process to identify models, as well as how their process impacts the inventory volume. The process of identification should be clear and meet the bank’s interpretation of the regulatory definition of a model.
- Is the model documentation complete and consistent for all models in the inventory? Model documentation is crucial for banks approaching the $10 billion asset threshold. A well-developed model risk management group can work to create a uniform model documentation template that can aid model owners in developing the model documentation in accordance with regulatory expectations.
- Is ongoing monitoring being performed and are the results being reported to model risk management? The performance of every model should be continually monitored, and the ongoing monitoring results should be evaluated by model risk management and/or the designated committee.
- Is there a strong model validation and model review schedule? A validation time frame, based on risk, should be developed with high-risk models undergoing validations more frequently.
The Path Forward: Model Risk Management Best Practices
After reviewing the questions and key focus areas above, the following best practices should be considered to assess the bank’s model risk management readiness and efficiency.
- Define model risk management before crossing the $10 billion threshold. The model risk management framework should be well developed long before a bank crosses the $10 billion threshold, which is not only required by regulators but also can help the bank get a pulse on its overall aggregate model risk. It may take years to develop a strong model risk management group and process. Organizations should consider a phase-in process that begins with model identification and model inventory, and then progresses to develop a strong model risk management team with standard policies and procedures to help ease the burden of developing a model risk management framework all at once.
- Foster proper model oversight. The model risk management group should be responsible for ongoing maintenance of the model inventory, while working in tandem with model owners. Risk committee members and the board of directors should be kept informed of model performance through regular (often quarterly) reporting updates on model validation results, ongoing monitoring results, changes to models, new models, and staffing. Model validators and third-party consulting groups can act as a second line of defense to help banks validate their models and perform the necessary effective challenge. In addition, the model risk management committee should be able to assess how overall changes in risk for individual models (decreasing, stable, or increasing) impact the overall risk level within the bank’s risk appetite.
- Evaluate if the model risk management group is properly staffed. Regulatory guidance states that the size of a model risk management group should mirror the size of the model inventory. Based on the volume and complexity of models within the inventory, the staff may require outsourcing to third parties to complete all required validations in a timely manner. The model risk management group should report to the bank’s designated risk officer, and model risk management should be governed at the committee level, such as an executive risk management committee or board of directors’ risk committee. A model liaison could be hired to act as a bridge between the model risk management group and the model owners. The model liaison should work with model owners regarding documentation and template completion, as well as help identify any new models.
- Evaluate the model inventory. Make sure the model inventory includes all models, not tools or spreadsheets, currently in use throughout the organization. If the inventory is too light or too heavy in terms of volume, a thorough evaluation of the inventory should be performed. For a light inventory, reach out to the various lines of business to confirm they understand the definition of a model and what should be inventoried. Also, regular discussions with vendor management should take place for continuous knowledge of new vendors, critical vendors, new models, technical documentation, issues with proprietary models, etc. For a heavy inventory, evaluate each model in the inventory to confirm it meets the definition of a model. Similar models may qualify for consolidation, and estimations obtained from third-party providers may not belong on the inventory. Depending on the breadth of the model inventory, this process may require the assistance of third-party consultants to evaluate the models currently in use. Regardless of the inventory’s size, a review of both current and potential models within the bank should occur on an annual basis. As the model risk management program matures, consider creating a non-model inventory and regularly reviewing the non-model inventory for changes too.
- Train model owners properly regarding model documentation templates. In addition to developing templates for strong documentation, it is important to educate model owners about the significance of their use, particularly as it relates to performing a full-scope validation. Consider prioritizing the documentation of high-risk models first, then developing a phased approach to create documentation for medium and low-risk models.
- Develop and maintain an ongoing monitoring plan for all models and review the results on a regular basis. While the monitoring of each model will continue to develop over its life, the most important thing is for the first line of defense to start monitoring the model results on a regular basis and work to improve the ongoing monitoring plan over time. The ongoing monitoring plan should be included in the model documentation even if the model was recently developed without much history; a plan should still be developed for ongoing monitoring to be performed in the future. Ongoing monitoring activities may include back-testing, actual versus predicted analysis, precision and accuracy testing, etc. The ongoing monitoring status of each model should be reported to the model risk management committee as the process becomes more defined. Summary metrics could be created to show details on the ongoing monitoring status, as well as the latest ongoing monitoring results for each model, so that the committee remains well informed.
- Develop a model validation and review schedule. The scope and depth of a validation should be commensurate with the scale and complexity of the model. An example would be low-risk validations every three years, medium-risk validations every two years, and high-risk validations every year. A validation schedule will enable model risk management to plan for adequate resources, whether internal or external, and verify the models are being validated at an appropriate frequency. Model reviews should be performed in the non-validation years, as appropriate.
The model risk management function takes time to strengthen—therefore, it should be on the radar early on as a bank approaches the $10 billion asset threshold. Organizations should review and identify areas of improvement within the bank’s model risk management function through an assessment of key focus areas and best practice recommendations, some of which are listed above. If you have any questions, please reach out to a professional at Forvis Mazars.