Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Regulators Are Upping the Ante on Model Risk Management and Governance

By Henry Umney, CEO, ClusterSeven

Auditors and regulators are upping the ante and demanding more thorough and stringent approaches to Model Risk Management (MRM) from financial institutions globally.In Europe, institutions are adopting Targeted Review of Internal Models (TRIM) regime; in the UK there’s the SS 3 18; and in the US, SR 11 7 is growing in importance for MRM.

Henry Umney
Henry Umney

The focus of outside scrutiny of models has moved from model validation – i.e. is the structure, design and function of the model understood, tested and documented? – to encompassing the comprehensive governance of models, including change control, access control, auditability and reporting. This also now extends to the models and calculators that feed the models, as well as the technology platforms that underpin the entire model environment.

The problem with existing GRC systems for MRM

GRC systems and /or in-house risk management systems are commonplace in regulated financial institutions and are typically used to manage model risk frameworks. Though not without issues. These systems typically lack the flexibility to capture the complexities of MRM programmes. The problem is further exacerbated as the models, tools and calculators use data and resources from the controlled corporate IT environment – as well as the less controlled ‘Shadow IT’ landscape, which is primarily independently operated by the individual business units themselves. All this combined, severely restricts the effectiveness and compliance of MRM programmes in institutions.

Additionally, MRM programmes evolve, as new modelling capabilities and more powerful models emerge. While flexibility and agility are of essence, making changes to traditional GRC systems frequently requires intervention from the respective third-party solutions’ vendor or IT. Consequently, the expense is substantial, and the lead times are lengthy. To overcome these, institutions often resort to manual processes (e.g. using email for confirmations of changes/approvals), creating further issues for both the users and management.Full transparency of changes to the models, tools and calculators as required by the business,auditors and regulators is compromised by such manual and informal processes.

MRM challenges

Due to the ever-increasing scale and scope of models, constrained budgets and resources, together with the enhanced regulatory environment, institutions are seeking to enhance the management of their MRM, while also finding ways of streamlining it. However, with a large proportion of the models, tools and calculators being created by end users, with little centralised control, organisations are struggling to even create an accurate inventory. One bank’s original inventory of 300 models now stands at close to 3,000 models, five years on. It is an indication of how rapidly models, tools and calculators multiply in institutions. This situation is likely reflected in most financial institutions.The constraints on budgets and skills add to the challenge as modelling teams are continuously being given more and more responsibilities, driven by the growing regulations and the business, but without the additional resources to undertake efficient and effective MRM.

Models are central to how financial institutions manage their business,investments as well as their product and service development. The risks and commercial value they underpin is significant. Neglecting to undertake proper MRM exposes institutions to operational, reputational and regulatory risk. 

Squaring the circle with automation

The solution to the challenge lies in undertaking an all-encompassing approach to MRM, which includes:

  • the creation, maintenance and validation of an enterprise-wide model inventory;
  • the alignment of MRM with supervisory guidance and business objectives;
  • the monitoring of policy and documentation standards, as well as sharing of fully auditable information.

Automation can enable financial institutions to build and continuously manage a central inventory of all the models, tools and calculators in the organisation. This will provide accuracy, consistency and transparency of the models, while also enabling them to monitor the criticality of each and tier the inventory based on the risk they pose to the business.

With the help of technology, institutions will be able to determine the data lineage and data interdependence of the models, tool and calculators across the enterprise. This capability is crucial to maintaining the accuracy and integrity of the applications. After all, models are developed, revised and decommissioned almost constantly and hence MRM can never be a one-off process or exercise.

Security and auditability are essential to MRM. Automation will provide the complete auditability as changes are made within the MRM environment.

Perhaps most crucially, automation will ensure there is effective model lifecycle management in an evolving model environment – a critical demand of the various regulatory frameworks. With automation, institutions can define points such as model attributes, workflows, algorithms and reports,which can to be updated and modified as the models themselves change. This kind of technology-led approach to MRM ensures that the standards applied to ALL models in the institution are consistent, accurate and achieved cost effectively.

A good place to start for financial institutions is to answer the questions – how is regulation affecting the organisation’s MRM plans? And should an error emerge, how is it likely to impact the business financially and reputationally – in addition to the regulatory consequences? This will then enable the institution to chart a course of action for MRM, based on its individual organisational needs.