Sound Model Risk Management
Adding effective value to banks with the Board of Directors in the driving seat
The revised standards of the Basel Committee include a further decrease of the benefits of internal models for regulatory capital calculation. At the same time, internal models have increasingly become decisive tools for strategic decision support, scenario analysis and stress testing, the valuation or assets and liabilities and all kind of internal and regulatory forward-looking exercises.
Model risk covers two types of risk:
- Risk related to the underestimation of solvency requirements and the lack of level playing field related to regulatory approved internal models
- Adverse consequences from decisions based on incorrect or misused model output and reports
The evolution of model risk management
In my experience, the concept of model risk management is quite new and still evolving in Europe as opposed to the USA.I have observed that the Federal Reserve started profoundly challenging US based banks on sound model risk management back in the aftermath of the 2011 financial crisis and the dramatic experience with internal models for securitized products.
The US model risk management teams have been placed under severe stress in a way that they face major difficulties to hire staff with the appropriate skills.The US guidance describes a model as ‘a quantitative method, system or approach that applies statistical, economic, financial, or mathematical theories, techniques and assumptions to process input data into quantitative estimates’.This very broad definition might even qualify many spreadsheets as a model.
I clearly observed these strongly increased Federal Reserve requirements during my latest banking experience requesting to set up a company-wide model risk function, maintain an inventory of all models with a full documentation of their design, assumptions, materiality and use.Internal audit teams have been requested to include a model risk management assignment in the yearly internal audit plan with a challenging role of the Federal Reserve inspection teams.Non-US supervisors started following this guidance with some delay.
Model risk has in the meantime also become a major concern from the European supervisors in line with the best practices of the Federal Reserve. I had the opportunity to experience this in many contacts with the local and European supervisors over the last years. It is my conviction that the US practice will become the global standard worldwide.
Regulatory references & expectations of the European Central Bank
The latest ECB regulatory developments request from the Financial Institutions to put a framework in place allowing to manage effectively model risk. Recent European regulation (CRR/CRD – TRIM – SREP & Prudent valuation) guides banks on how to identify, understand and manage model risk:
I clearly expect that the European Banking Authority (EBA) and the European supervisors will opt for the implementation of an effective risk management for all models potentially having a structural impact on the income statement and the balance sheet. This means that ‘model’ definition will be much broader than the traditional regulatory one. This will require that banks put in place an appropriate and integrated process involving all stakeholders in the life-cycle of a model.
Model governance in Belgian banks – my recommendations
Changing the mind set to consider model risk as an opportunity, not a burden
I observe - in general - room for improvement for Belgian banks as to the application of sound model risk management principles. The outcome of the latest Supervisory Review and Evaluation Process evidenced shortcomings in terms of internal model coverage and governance. We belief however that the recent European regulatory focus on model risk management represents an outstanding opportunity for the Belgian banks for:
- Putting in place a stricter governance for model risk limiting the ‘degree of freedom’ of model developers and model users
- Enhancing the quality of risk data infrastructure/ risk data management
- Integrating sound risk management into decision making: credit granting process – asset allocation & pricing - portfolio monitoring – model performance back testing - stress testing -annual budget process - IFRS9 provisioning – SREP projections - medium term financial projections among others
- Implementing the three lines of defense framework for model risk as for other risk types
By doing so, model risk management will add effective value to banks and increase efficiency while ensuring compliance with regulatory requirements. I observe however that many banks still consider – wrongly - the focus on model risk management as an additional supervisory burden. I would strongly recommend a cultural move in this perspective. A ‘reconciliation’ of the supervisory priorities and the priorities of the Governance bodies would not only be beneficial in terms of sound risk management but also enhance the overall efficiency in the supervisory dialogue.
Conduct a stakeholder mapping & define roles and responsibilities
Model risk management initiatives have traditionally been driven by the risk management departments of banks. The Risk department is however ‘only one’ of the many stakeholders in the model risk management process and governance. Subsequently, we recommend a clear identification and determination of appropriate roles and responsibilities to make the process efficient and effective (including a strong developed internal control process).
Belgian banks have still a long way to get there including data quality/integrity issues and the appropriateness of the risk information systems.As the application of proportionality for smaller Financial Institutions, it is my understanding that regulators and supervisors seem to show willingness to move into this direction with some additional prudential conservatism in return. Proportionality might apply to modelling complexity whereas no concessions will be made in terms of governance.
A ‘Board level process’ - Claim the accountability of the Board
We advocate the Board of Directors and the Specialized Committees to take the ‘driving seat’ in putting in place a sound and effective model risk management for all models with a potential structural impact on the income statement and the balance sheet of the bank. The bank wide model inventory should present a holistic understanding of models’ application and their use including model deficiencies and limitations. The inventory should allow to challenge the different stakeholders in the model management process and to set priorities in model review and calibration. This is a key supervisory role of the Board of Directors.
This accountability of the Board should be demonstrated over the model life cycle including the sound governance of model performance back testing, stress testing, model reviews, material model changes, model deficiencies and assumptions. Supervisors are increasingly challenging Board members and members of the specialized committees on their understanding of the assumptions and the outcome of the internal models applied. One of the lessons learned from the financial crisis is that the use of quantitative models should be mandatory complemented by a strong challenging role of the Risk Management function and the Board of Directors in its oversight role.
This cultural change has already been partly implemented in the US where model risk management has become a ‘Board level process’ thanks to the supervisory guidance.I had the opportunity to go through this move in the US branch of the bank I recently worked for and I can confirm that the required organizational change can be largely facilitated by the exemplary role of the Board.
About Rudi Sneyers
After holding a wide range of management functions within BACOB Bank and Artesia Banking Corporation, Rudi Sneyers joined the operational risk management division of Dexia Bank Belgium (currently Belfius) in 2002 as deputy Head of the division. In 2004, he became Director of the Credit Risk Management division. He was appointed deputy Chief Risk Officer of Dexia Group in May 2007 – a challenging journey in view of the emerging banking and sovereign crisis of 2008 and 2011. From May 2014 untill mid -January 2018, he held the position of General Auditor of Dexia Group also in charge of internal model validation and the ECB Office. Rudi joined TriFinance in 2018 to lead FI’s Risk Management & Compliance Practice.
About TriFinance’s Risk Management & Compliance Practice
The TriFinance Risk Management & Compliance practice is supporting banks and insurance undertakings in anticipating and addressing the tighter regulatory standards relating to risk management, compliance and internal control by monitoring the different European and local regulatory and supervisory bodies. Simultaneously, TriFinance can help banks in all kinds of transformation processes of the Risk Management and Compliance function to be better prepared for the rapidly evolving external environment.