Mind The Gap: Model Risk Management – Best Practice Versus Reality
Financial models have had a banner year in 2020 and 2021, as modelers in financial services have reeled under the exceptional circumstances of major economic shocks, only to recover themselves as economies have recovered.
Once again, they have been able to help senior managers chart a way forward through a highly dynamic economy, allowing many banks to be highly successful.
Model Risk Management (MRM) teams have also been challenged during this period and have to support the business by ensuring that the systems and processes used to manage model risk remained effective during intense change and disruption.
MRM itself has been a bit of a “black box” process for many in recent years, but consultants Deloitte have shed light on its vices and virtues with the publication of research into the realities of MRM in 2021. It’s research we’ve explored in depth in a new MRM white paper.
The research features insights that reward careful reading, and these include:
- Models, by and large, are well defined and understood in banks
- Model inventories are in widespread use and feature technology that make them easy to use.
- That said, not all models are in centralized inventories.
- Not all model owners understand their responsibilities
- Investment favors model development over model validation
This insight is fascinating because the picture it paints of the 80 or so banks, of all sizes, that took part in the research is that MRM regimes are more complex and nuanced than many involved would probably like to admit to their peers. Rather than a highly polished, automated, and streamlined array of systems and processes, the reality is that these systems and processes are a compromise between limited time and skills and the need to complete for budget with other departments
Who had the most developed MRM frameworks?
The issues raised can be compared with industry best practice, defined by the US SR 11 7 framework, and the UK’s SS3/18.
The largest banks had the most developed MRM frameworks that align closely with best practice. Where standard practice sometimes departed from best practice was in those areas that had more recently adopted modeling as a core capability, such as operational risk or credit decisioning, or even HR. These functions likely had more models outside the central inventory and made more use of manual processes to manage issues around model validation for example. These present significant model risks to businesses.
Who diverged from best practice (and why)?
Smaller institutions were typically less ambitious in their use of models, remaining focused on credit risk primarily. That said, their lack of budget and skills meant that they typically limited their investment in MRM technology, typically utlising toosl usch as excel, email and sharepoint. These firms are using manual processes where best practice would advocate the use of automation to reduce errors and reduce risk.
There were several reasons, why many institutions diverged from best practice. Some were down to there being insufficient staff anywhere who could deliver best practice MRM. Not surprisingly, they were typically found looking after the core models at the most prominent institutions, honing systems and processes that were likely unique and therefore valuable and expensive.
Another issue was technology. Many newer models have been built outside the control and influence of the corporate IT function, using end user- based and cloud-based capabilities. This situation means that good practice is more difficult to enforce or instill, exposing institutions of all sizes to model risk.
Get the MRM white paper to learn the details
We have created an MRM whitepaper to help institutions better understand the research and its relationship to best practice, as laid out by their regulators. It explores these best practice definitions, the main themes of the research, and a technology-led approach to MRM that helps institutions of all sizes bridge the gap between best practice, limited skills, and a diverse model technology infrastructure.
Verwalten Sie Ihre Schatten-IT-Tabellenkalkulationen
Mit ClusterSeven können Sie die Kontrolle über die in Ihrem Unternehmen versteckten Endbenutzer-Computer übernehmen, die ein verstecktes Risiko darstellen können.