Is the use of models exposing you to too much risk?

Financial institutions are extending the use of models in core business processes. They provide great power and flexibility, but unmanaged, they can expose you to commercial, operational, reputational and regulatory risk.

Model Risk Management

What is MRM (model risk management)?

The MRM meaning and model risk definition is the risk of loss resulting from using inaccurate or poorly devised models to make decision.  Models are used throughout financial services firms, and are being used by other companies, as well.  Valuing exposures, assigning consumer credit scores, predicting transaction fraud, and detecting suspicious, criminal or terroristic activity are just some of their varied uses.

There are costs and risks involved in using models, however, ranging from the direct costs of developing and implementing them to the adverse impacts of making decisions based on flawed or misused models.  So it’s essential to adopt model risk management (MRM) to control the risks created by unmanaged models.

Models are vital, but need to be managed

Models are core to your business, helping you develop new products, manage your portfolios, and manage your organization. So unmanaged and uncontrolled changes to models, their data, or their calculations can compromise the transparency and auditability that management, regulators, and stakeholders now expect under model risk management frameworks including SR 11 7, SS3/8, CECL, IFRS 9 and others.

The flexibility and power of models – whether developed in Python, R, MATLAB or Excel – means they’re highly valued by end users looking to solve complex business issues. This flexibility can expose users and their institutions to significant risk through flawed MRM policy definition and adherence, as well as a lack of change control and approvals, data quality issues, document management, errors and omissions in calculations, and other problems.

The desire for speed and flexibility can mean users may overlook
their organization’s policies and procedures around MRM – some may not even be aware of a policy and how their application fits into it.  Failing to follow an MRM policy or using a policy that doesn’t meet the needs of the business means you’re risking putting a flawed application into production.  The possible result? Violations of commercial, operational, or regulatory guidelines.

Visibility and centralization are essential

Central to enforcing an MRM policy? Having visibility into applications that feature in the modeling environment. This allows risk managers to bring the broad range of end-user-developed applications fully into the MRM environment, without preventing users from making full use of their preferred applications.

Central to effective MRM is having a centralized monitoring capability where model user sand developers can register their MRM applications while continuing with business as usual. This sets up a robust framework for monitoring for reviewing the use, value, and changes made within the MRM environment, balancing the needs of the business, stakeholders, and regulators.

Core to many model environments is the use of Excel spreadsheets or Access databases, either as models in their own right or as model risk management tools and calculators that feed other models. Implementing controls and monitoring of these applications is crucial to effective and risk-resistant MRM. 

The impact of successful model risk management

Implementing MRM helps assure that the models being relied upon by an organization are more accurate and relevant.  That helps stay compliant with DFAST/CCAR and regulatory expectations, but also leads to better business decision-making that can have positive impacts on performance and profits.

When data is reliable and timely, models can transform it into actionable strategies for mitigating risk and exploiting opportunities, and creating competitive advantage.


Mitratech helps institutions to augment and upgrade their current MRM environment by leveraging powerful, proven solutions that are quick to install and deliver value fast.

EUC/Shadow IT Management

An automated tool like ClusterSeven lets you proactively discover, monitor, review, and audit changes made to End User Application spreadsheets and other “Shadow IT” data assets hidden across your enterprise.  Gain a centralized view of enterprise-wide critical spreadsheet use, assess and prioritize critical spreadsheets, and provide transparency for management and auditors about your most important files.

Policy Management

A policy management solution like Mitratech’s PolicyHub saves time and improves efficiency, supporting effective policy management by automating and streamlining the processes involved, and removing the complexities and errors involved. So you can build an ethical and defensible compliance program.

MRM (and related) blog posts
Read about the role of Model Risk Management in your enterprise, and insights on how to best manage their risks and rewards.

See more data privacy blog posts

eBooks, white papers & more
Relevant resources on Model Risk Management, spreadsheet management, and other challenges.

See more compliance resources