Is the use of models exposing you to too much risk?

Financial institutions are extending the use of models in core business processes. They provide great power and flexibility, but unmanaged, they can expose you to commercial, operational, reputational and regulatory risk.

Model Risk Management

Models are vital, but need to be managed

Models are core to your business, helping you develop new products, manage your portfolios, and manage your organization. So unmanaged and uncontrolled changes to models, their data, or their calculations can compromise the transparency and auditability that management, regulators, and stakeholders now expect under frameworks including SR 11 7, SS3/8, CECL, IFRS 9 and others.

The flexibility and power of models – whether developed in Python, R, MATLAB or Excel – means they’re highly valued by end users looking to solve complex business issues. This flexibility can expose users and their institutions to significant risk through flawed MRM policy definition and adherence, as well as a lack of change control and approvals, data quality issues, document management, errors and omissions in calculations, and other problems.

The desire for speed and flexibility can mean users may overlook
their organization’s policies and procedures around MRM – some may not even be aware of a policy and how their application fits into it.  Failing to follow an MRM policy or using a policy that doesn’t meet the needs of the business means you’re risking putting a flawed application into production.  The possible result? Violations of commercial, operational, or regulatory guidelines.

Visibility and centralization are essential

Central to enforcing an MRM policy? Having visibility into applications that feature in the modeling environment. This allows risk managers to bring the broad range of end-user-developed applications fully into the MRM environment, without preventing users from making full use of their preferred applications.

Central to effective MRM is having a centralized monitoring capability where model user sand developers can register their MRM applications while continuing with business as usual. This sets up a robust framework for monitoring for reviewing the use, value, and changes made within the MRM environment, balancing the needs of the business, stakeholders, and regulators.

Core to many model environments is the use of Excel spreadsheets or Access databases, either as models in their own right or as tools and calculators that feed other models. Implementing controls and monitoring of these applications is crucial to effective and risk-resistant MRM. 

Solutions

Mitratech helps institutions to augment and upgrade their current MRM environment by leveraging powerful, proven solutions that are quick to install and deliver value fast.

EUC/Shadow IT Management

An automated tool like ClusterSeven lets you proactively discover, monitor, review, and audit changes made to End User Application spreadsheets and other “Shadow IT” data assets hidden across your enterprise.  Gain a centralized view of enterprise-wide critical spreadsheet use, assess and prioritize critical spreadsheets, and provide transparency for management and auditors about your most important files.

Policy Management

A policy management solution like Mitratech’s PolicyHub saves time and improves efficiency, supporting effective policy management by automating and streamlining the processes involved, and removing the complexities and errors involved. So you can build an ethical and defensible compliance program.

MRM (and related) blog posts
Read about the role of Model Risk Management in your enterprise, and insights on how to best manage their risks and rewards.

See more data privacy blog posts

eBooks, white papers & more
Relevant resources on Model Risk Management, spreadsheet management, and other challenges.

See more compliance resources