Making the right decisions: The importance of model risk management
With the increasing use and reliance on technology, automated predictive, economic, and financial models help financial institutions make faster and better business decisions. But how should organizations manage risks? A strong model risk management (MRM) framework is critical.
Over the past several years, a number of financial institutions have embraced the use of automated predictive, economic, and financial models to conduct financial and business analyses. Many are also in the process of developing or implementing credit loss models to address the Financial Accounting Standards Board’s new current expected credit loss (CECL) standard.
Increasing model use, increasing risks
The proliferation of data and the increasing complexity of financial analyses have caused many financial institutions to turn to models to help increase efficiencies, reduce mundane and repeatable tasks, and save time and resources. While the use of models allows financial institutions to make faster and better business decisions, they also present significant risks if a strong MRM framework isn’t in place to govern their use.
The challenge is that few small and medium-sized financial institutions have robust model risk management processes to govern their use of models. While financial institutions in excess of $10 billion are subject to model risk management regulatory guidance, smaller financial institutions don’t have the same obligations — although MRM is encouraged. This has led many to approach model implementation on an ad-hoc basis, with functional areas developing models in order to enhance their specific decision-making processes. The issue with this ad hoc approach is that it opens an organization up to a wide range of risks, including risks associated with input accuracy, data completeness, and alignment of bank-specific assumptions and strategic goals.
Making model risk management a priority
While smaller institutions might not be subject to the same regulations as their larger counterparts, this doesn’t mean they should ignore such requirements altogether as they may be subject to such MRM requirements in the future. Additionally, if they’re going to spend the time and resources developing and implementing models, financial institutions should make sure those models work as intended. The last thing any financial institution wants to do is rely on inaccurate models for making key business decisions.
Where to start?
Financial institutions that use predictive, financial, or economic models should consider enhancing their approach to MRM. As a starting point, this could include undertaking the following key activities:
- Create an inventory of existing models — It’s important to conduct an inventory of any existing or in-development models. As a part of this, be clear as to the difference between a model and a tool so that all stakeholders have a common understanding of how to use and contribute to the inventory. In connection with documenting the inventory, include each model’s purpose, model owner, data sources, and significant assumptions.
- Understand regulatory requirements related to model use and verification — Financial institutions should take time to understand the regulatory requirements related to model development, implementation, and use, including validation, even if they’re not currently required to be in compliance. This understanding will help the organization manage the organization’s entity-wide risk and help them establish MRM processes aligned to comply with regulations they may be subject to in the future.
- Test and validate models — Institutions should test and validate any significant or complex models before implementation and on an ongoing basis so management can be confident in model outputs. For example, before implementing a new model, it should be run parallel with the existing process to ensure the new model is operating as intended and in line with expectations. On an ongoing basis, the model’s accuracy should be tested to determine if the use is still appropriate given the potential change in facts and circumstances. As recommended in the regulatory guidance, model testing and validation should be conducted by individuals or a third party independent from the models’ users and those that developed it. Based on the results of the testing process, institutions can identify model errors, track corrective actions, and ensure appropriate use.
- Note: Financial institutions should validate their use of the third-party models. This would include determining whether a model is appropriate for its intended use and that any customizable model assumptions are accurate and relevant.
- Involve the right stakeholders — MRM should be an entity-wide activity. The board should be responsible for providing governance of the entire MRM process, while management should be tasked with developing the MRM framework and related processes. Leaders with insight across the organization should be engaged in the MRM process to ensure assumptions are appropriate, model documentation is robust, and data sources are valid and accurate.
Knowing you’re making the right decisions
Models can be instrumental in driving better business decisions or your financial reporting process — but only if you’re able to rely on the outputs. If you would like more information on our model validation services or how we can enhance your MRM framework, please contact your local Plante Moran business advisor.