4t Model Risk Management

[Melvina Kryder]

Inprobing the model risk management terrain more closely, our research identified important trends and defined a model life cycle, from planning and development through model use, risk appetite, and policies.1 1.The research was performed by McKinsey Risk Dynamics, which specializes in model risk and validation. Our research also revealed the key questions on the agenda of chief risk officers (exhibit), and the extent to which these questions are being addressed in some of the most important areas.

Model planning should be well coordinated across the whole bank. While taking great care to maintain the independence of validation, the model-development group should work closely with validation, an approach that controls costs by reducing the number of iterations and overall development time.

As talent demands rise, the highly specialized skills needed to develop and validate models are becoming increasingly scarce. Nearly three-quarters of banks said they are understaffed in MRM, so the importance of adjusting the model risk function to favor talent acquisition and retention has become pronounced. Banks are now developing talent solutions combining flexible and scalable resourcing with an outsourcing component.

In the United States, the Federal Reserve is strict about proper deployment of the three lines of defense, with all stakeholders playing their roles: model developers need to continuously monitor their models; validation must make periodic reviews and audits, relying on the right level of rigor and skills. In Europe, implementation of the three lines remains less defined. The regulatory focus is mainly on regulatory models, as opposed to the US approach, where proper control is expected for all material models, whatever their type. Consequently, in the European Union, few banks have a control and governance unit in charge of MRM policies and appetite; in the United States, nearly all banks have an MRM unit.

In accordance with best practices, approximately half the surveyed banks have integrated model risk within their risk-appetite statement, either as a separate element or within nonfinancial risks. Only around 20 percent, however, use specific key performance indicators for model risk, mainly based on model performance and open validation findings on models.

All banks have a model governance framework in place, but 60 percent of the group uses it for the main models only (such as internal ratings based or stress testing). Half of the survey group has a model risk policy. For 60 percent of the group, model ownership is held by users, representing the preferred option for institutions that are more advanced in model management, allowing a better engagement of business on data and modeling assumptions. Risk committees authorize model-use exceptions in around 70 percent of cases.

The stakes in managing model risk have never been higher. When things go wrong, consequences can be severe. With digitization and automation, more models are being integrated into business processes, exposing institutions to greater model risk and consequent operational losses. The risk lies equally in defective models and model misuse. A defective model caused one leading financial institution to suffer losses of several hundred million dollars when a coding error distorted the flow of information from the risk model to the portfolio-optimization process. Incorrect use of models can cause as much (or greater) harm. A global bank misused a risk-hedging tool in a highly aggressive manner and, as a result, passed its value-at-risk limits for nearly a week. The bank eventually detected the risk, but because the risk model it used was inadequately governed and validated, it only adjusted control parameters rather than change its investment strategy. The consequent loss ran into the billions. Another global bank was found in violation of European banking rules and fined hundreds of millions of dollars after it misused a calculation model for counterparty-risk capital requirements.

This approach typically leads to the levels of conservatism being presented explicitly, at precise and well-defined locations in models, in the form of overlays subject to management oversight. As a result, the total level of conservatism is usually reduced, as end users better understand model uncertainties and the dynamics of model outcomes. They can then more clearly define the most relevant mitigation strategies, including revisions of policies governing model use.

Systematic cost reduction can only be achieved with an end-to-end approach to MRM. Such an approach seeks to optimize and automate key modeling processes, which can reduce model-related costs by 20 to 30 percent. To take one example, banks are increasingly seeking to manage the model-validation budget, which has been rising because of larger model inventories, increasing quality and consistency requirements, and higher talent costs. A pathway has been found in the industrialization of validation processes, which use lean fundamentals and an optimized model-validation approach.

The initial phase is mainly about setting up the basic infrastructure for model validation. This includes the policies for MRM objectives and scope, the models themselves, and the management of model risk through the model life cycle. Further policies determine model validation and annual review. Model inventory is also determined, based on the defined characteristics of the model to be captured and a process to identify all models and nonmodels used in the bank. Reports for internal and external stakeholders can then be generated from the inventory. It is important to note, however, that the industry still has no standard of what should be defined as a model. Since banks differ on this basic definition, there are large disparities in model-inventory statistics.

Governance and standards are also part of the MRM infrastructure. Two levels of governance are set up: one covering the steps of the model life cycle and one for the board and senior management. At this point, the MRM function will mainly consist of a small governance team and a team of validators. The governance team defines and maintains standards for model development, inventory, and validation. It also defines stakeholder roles, including skills, responsibilities, and the people who will fill them. The validation team conducts technical validation of the models. Most institutions build an MRM work-flow tool for the MRM processes.

With foundational elements in place, banks can then build an MRM program that creates transparency for senior stakeholders on the model risk to the bank. Once model-development standards have been established, for example, the MRM program can be embedded across all development teams. Leading banks have created detailed templates for development, validation, and annual review, as well as online training modules for all stakeholders. They often use scorecards to monitor the evolution of model risk exposure across the institution.

A fundamental objective is to ensure high-quality, prioritized submissions. Model submissions missing key components such as data, feeder models, or monitoring plans reduce efficiency and increase delivery time. Efficiency can be meaningfully enhanced if all submissions adhere to standards before the validation process begins. Models are prioritized based on their importance to the business, outcome of prior validation, and potential for regulatory scrutiny.

In the mature stage, the MRM function seeks efficiencies and value, reducing the cost of managing model risk while ensuring that models are of the highest quality. In our survey of leading financial institutions, most respondents (76 percent) identified incomplete or poor quality of model submissions as the largest barrier for their validation timelines.1 1.Many fewer respondents cited a lack of sufficient resources (14 percent) and the need to validate each model comprehensively (10 percent). Model owners need to understand the models they use, as they shall be responsible for errors in decisions based on those models.

One of the best ways to improve model quality is with a center of excellence for model development, set up as an internal service provider on a pay-per-use basis. Centers of excellence enable best-practice sharing and advanced analytics across business units, capturing enterprise-wide efficiencies. The approach increases model transparency and reduces the risk of delays, as center managers apply such tools as control dashboards and checkpoints to reduce rework.

The standards-based approach to model inventory and validation enhances transparency around model quality. Process efficiency is also monitored, as key metrics keep track of the models in validation and the time to completion. The validation work-flow system improves the model-validation factory, whose enterprise-wide reach enables efficient resource deployment, with cross-team resource sharing and a clear view of validator capabilities and model characteristics.

Consistent standards for model planning and development allow institutions to develop more accurate models with fewer resources and in less time. In our experience, up to 15 percent of MRM resources can be conserved. Similarly, streamlining the model-validation organization can save up to 25 percent in costs. With the significant regulatory spending now being demanded of institutions on both sides of the Atlantic, these savings are not only welcome but also necessary.

The contours of a mature stage of model risk management have only lately become clear. We now know where the MRM function has to go in order to create the most value amid costly and highly consequential operations. The sooner institutions get started in building value-based MRM on an enterprise-wide basis, the sooner they will be able to get ahead of the rising costs and get the most value from their models.

Model risk management refers to the supervision of risks from the potential adverse consequences of decisions based on incorrect or misused models. The aim of model risk management is to employ techniques and practices that will identify, measure and mitigate model risks i.e. the possibility of model error or wrongful model usage. In financial services, model risk is the risk of loss resulting from using insufficiently accurate models to make decisions, frequently in the context of valuing financial securities, and becoming prevalent in activities such as assigning consumer credit scores, real-time probability prediction of fraudulent credit card transactions, and money-laundering. Financial institutions are highly reliant on credit, market, and behavioral models for model risk has become a core component of risk management and operational efficiency. These institutions primarily make money by taking risks - they maximize models to evaluate risks, understand customer behavior, assess capital adequacy for compliance, make investment decisions, and manage data analytics. Implementing an effective model risk management framework is a requisite for organizations that are heavily reliant on quantitative models for operations and decision-making.

3a8082e126