The emergence of Enterprise Model Risk Management

The emergence of Enterprise Model Risk Management

The emergence of Enterprise Model Risk Management 
Financial institutions have been using models to support their decision making already for decades, therefore model risk management (MRM) is already a well-known topic. In recent times, however, the MRM discipline has become more formalized and rigorous as regulatory activities such as the recent EBA’s Targeted Review of Internal Models require banks to put extra compliance efforts into the management of their models.
In parallel, on trends such as Big Data, IoT but also new regulations such as IFRS 9 are pushing banks to develop more models which will have to be properly managed as well.

In order to address the above, financial institutions around the world are increasingly looking for skilled MRM professionals and new supporting systems which will help to tackle these challenges in the most efficient manner. Managing model risk requires a broader perspective and should not rely solely on model validation activities focusing on individual models, which is the more traditional approach, but rather focus on enterprise-wide level exposure to model risk and manage it like any other financial risks.
Model risk, scope, and impact:
For the purpose of this article let’s adopt the EBA’s definition of Model Risk:
Model risk comprises of two distinct forms of risk:
  1. Risk relating to the underestimation of own funds requirements by regulatory approved models; and 
  2. Risk of losses relating to the development, implementation or improper use of any other models by the institution for decision-making“
The implications of the second bullet above are quite broad, suddenly the regulators are shifting their focus from only regulatory models to any important models applied by banks, to ensure that their important business decisions are backed by sound analytical processes.

With the number of models used by larger banks easily reaching hundreds or sometimes even thousands, and constantly increasing (according to McKinsey this could reach even 10-20% increase every year) the financial institutions are also realizing that they need to start addressing model risk more holistically and cover the entire spectrum of models used across their whole organization.

Model risk can arise from deficiencies in any of the processes within the modeling ecosystem (Figure 1 below). Whether it is bad data quality, wrong model development assumptions, incorrect recoding of the model from development into the production environment or just lack of proper approvals, the result is the same, a model that should not be used for decision making.
Figure 1: Model Risk Management at the heart of the modeling ecosystem
Therefore it is important to realize that the maturity level of the underlying processes in the modeling ecosystem will heavily influence the effectiveness and efficiency of the MRM activities. And there are good reasons to ensure your models are in good shape. 

For example, Mckinsey in its Future of Bank Risk Management refers to a large US bank case that had losses of $6 billion, which were partially due to their value-at-risk model or a large Asia–Pacific bank that lost $4 billion when it falsely applied interest-rate models.

On the regulatory side, we have also seen banks that were forced by their regulator to take extra capital worth of billions of EUR due to deficiencies in their regulatory models and the governance around them. Each bln EUR of extra capital, assuming an average 10% ROI can translate into additional annual costs of roughly 100 mln EUR. A great motivation to make sure that your MRM processes are in good shape.
Embedding an effective and efficient Enterprise Model Risk Management
I believe these 5 key principles below are vital for a successful design & embedding of an MRM framework:
Figure 2: Components of Model Risk Management framework
I. Cover the entire modeling spectrum, but make sure you prioritize
Make this truly an enterprise-wide activity, make sure that all models with all relevant and related information are included in your inventory and that you cover all processes in the Model Lifecycle with exposure to model risk. Then use this holistic view to identify the focus areas and apply the model governance in order to embed controls and checks according to materiality of each model. This will allow you to deploy your limited resources efficiently to improve models in the areas where your institution is exposed the most and monitor the areas that do not require immediate attention.
II. Automate & standardize where you can
All activities within the modeling ecosystem are heavily interrelated (Figure 3 below) and any manual handover between them (e.g. data exports and imports between various system or manual recording of developed models when brought into validation/deployment environment) creates a potential for “something going wrong”.
Figure 3: Interdependencies within the modeling ecosystem
The more you automate, the less exposed your institution is and the less effort it takes for your MRM team to check & approve the various steps in the process. Number of institutions often use a variety of different tools for development, validation and the deployment of models. All this requires maintenance of parallel skill sets which is expensive but also creates inefficiencies when models are moved from one environment to another one.
III. Quantify & Report on MRM
What gets measured, gets managed and gets done. Being able to quantify model risk, report on model risk exposure, concentrations on model portfolio level and aggregate it up to model risk profile & appetite and monitor it on an enterprise level will help to increase awareness and will ensure that the problematic areas get the right attention they deserve.
IV. Focus on business benefits achieved
MRM should not only be seen as a “loss preventing” initiative, it can actually generate a lot of business value as well. Large institutions can easily have 500+ people involved with various activities within the modeling ecosystem. MRM processes and systems can improve their ability to share and reuse information, data, modeling concepts & scripts, reports and thus increase their efficiency. 

Combined with MRM triggered digitalization & standardization, this can not only significantly reduce the operational costs but also vastly speed up the entire modeling process and ultimately improve the time-to-decision which is very much needed in today’s agile world. According to Mckinsey’s recent MRM survey, institutions can save up to 20%-30% of their modeling costs in the modeling area thanks to the improvements introduced by an efficient end-to-end MRM framework.

Pointing out/highlighting these benefits will you help you secure the needed buy-in for the initial investments and to counter the resistance to change within your organization.
Note: This article has been published in the April's edition of the PRMIA's Intelligent Risk Magazine as part of content supporting the PRMIA's online Model Risk Management Virtual Training series.

The article was originally written and posted by Peter Plochan, FRM on Linkedin ( and was republished at our website with his permission

Post a Comment

Previous Post Next Post