Model Risk Management (MRM)
Financial institutions today leverage the power of financial and economic models for both capital and risk management as well as business decision making. Regardless of the level of sophistication of models adopted, financial institutions are exposed to model risk.
What is model risk management (MRM)?
According to the Supervisory Guidance on Model Risk Management (SR 11-7), the US Federal Reserve and the Office of the Comptroller of the Currency (OCC) defined "model" and "model risk" as follows:
- "Model" refers to a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.
- "Model risk" refers to the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports.
Model risk arises from the fundamental errors of the model being used against its design objective and intended uses. Inaccurate data input, assumptions, methodology, processes, and the misinterpretation of model output could also attribute to model risk.
Regulatory landscape of MRM
Global regulators have been working continuously to bring solutions to model risk related issues, from the Bulletin on Risk Modelling issued by OCC in 2000 to more recently the Model risk management principles for stress testing issued by the Prudential Regulation Authority at the Bank of England in 2018.
The European Central Bank (ECB) released the Guide to Internal Models in October 2019 to conclude the requirements on the use of internal models for credit risk, counterparty credit risk, and market risk. While the paper detailed the regulatory expectations on model validation process and the requisite of policies and procedures for model governance and data systems, the ECB has highlighted that the implementation of a MRM framework would allow financial institutions to reduce the risk of potential losses because of flaws in the development, implementation, or use of models.
In the Supervisory Review Process (CA-G-5) released by the Hong Kong Monetary Authority (HKMA) in Jan 2020, more emphasis has been placed on firm-wide risk management as well as the appropriateness and validity of the risk measurement techniques. Financial services firms operating in Hong SAR will need to continuously evolve through regulatory transformation, and instil a MRM culture within the organization.
The purpose of a MRM framework is to oversee model design and development, validation, implementation as well as controls and monitoring to help identify, assess and mitigate model risk. As the focus of MRM has evolved from individual models to enterprise-wide model risk, MRM frameworks have become crucial to ensure sound decision-making and effective risk management.
MRM pillars include:
1. Organisation and governance
Management oversight and organisational structures are some of the essential building blocks in MRM. Regulators in Hong Kong SAR and abroad expect financial institutions to maintain a MRM framework that is approved by the Board and to generate periodic management reports for senior management. Independent Model Validation functions and clear reporting lines within the Risk department are also required to achieve regulatory compliance and promote accountability within the organisation.
2. Model lifecycle management
Model lifecycle management oversees the different stages of the life of models adopted by an organisation, including model development, documentation, classification, inventory, and follow-up.
3. Model control framework
Models are classified according to their risk levels. They are subject to continuous assessment and periodic validation to ensure that they are fit-for-purpose and calibrated to reflect the changing environment. Approvals should be obtained before the models can be deployed to production.
4. Model Risk Quantification
Quantitative techniques can be adopted to mitigate model risk, in particular to detect defects such as data input, model parameters, and errors.
5. Model Risk Management Processes and Technology
Optimised processes and technological capabilities are essential to support the integration of the MRM framework into day-to-day business.
Beyond regulatory compliance
MRM is more than a compliance exercise. As the industry moves towards more sophisticated and analytically driven models, we have observed that there is a growing dependency on models during the decision-making process.
Effective MRM allows for a faster and more effective response to crisis in times of turbulence through the following competitive advantages:
1. Greater clarity and accountability around model use
Defined risk ownership and established reporting lines that outline the job duties of various functions and allow effective management oversight over the lifespan of any models used.
2. Improved model performance
Having a structured MRM program is beneficial to financial institutions for making decisions related to capital allocation and improving their overall operational efficiency, thus gaining competitive advantage over their industry counterparts.
3. Early identification and rectification of model risk issue
A specialized model risk function dedicated to continuous model monitoring and calibration enables timely identification and mitigation of measurement uncertainties and model deficiencies.
How Deloitte can help
Our model risk management experience can help our clients to evolve as industry leaders and navigate the risks and opportunities of a MRM programme.
Some areas of enhancement for firms in Hong Kong SAR include:
- Model development, documentation, and use
Going beyond identifying the use of models, data sources, and model calibration, a comprehensive documentation that details the model development process, validation findings and the intended use and limitations of the models enables financial institutions to keep track of all changes and versions of the models.
- Model risk assessment services
Model Risk Assessment Framework consists of qualitative and quantitative assessment, sensitivity analysis, and model risk mitigation. Financial institutions should assess and re-evaluate models on a periodic basis to control its model risk exposure.
- Model risk strategy, governance, audit and controls
Model risk governance oversees the way financial institutions develop, deploy, validate, control and monitor models for credit, finance and marketing activities, as well as document and maintain model inventories. A Model Control Framework ensures alignment between the approved MRM framework and implementation.
- Model risk technology
Technological solutions for MRM include IT infrastructure and core functionalities set-up for a MRM platform. Moreover, workflow process management and data quality management are essential to integrate MRM into the day-to-day business of financial institutions.
- Managed risk and operations
We provide a managed risk service that integrates into the client's risk function by co-sourcing and/or outsourcing under a set of defined, standardised processes to support regulatory compliance. Delivery teams can be on-site, nearshore, or offshore, offering skilled and experienced specialists in all locations, from senior to junior levels.