Model Risk Governance Leading Practices from Empowered Systems
Posted: 15 November 2013
Mathematical models, algorithms and calculation engines are increasingly a part of everyday life. They operate in a broad range of systems, from the bots designed to snap up eBay deals, restaurant bookings, and concert tickets, to the pathfinder algorithms inside Satnav systems or air traffic controls.
Modeling processes have always been a part of finance. Some have described high level financial institutions as being essentially technology firms, so it is unsurprising that here, at the cutting edge, models are used for a broad and ever-increasing range of activities across the industry, from underwriting credits, to risk management and capital adequacy, to valuing exposures and instruments. The use of risk models has become more important in recent years in the industry, particularly in the fields of Enterprise Risk Management (ERM), and Operational Risk. As the models have become more complex and widespread, it has become increasingly necessary to modulate and govern their usage. Efficient Model Risk Governance (MRG) allows for an increase in aggregation and regulatory reporting capabilities, a decrease in duplication of effort, and savings across the Balance Sheet.
Models consist of three components:
- Information input, delivering data and assumptions
- Processing, altering inputs into estimates via calculations or other methods
It is important to note that models are not necessarily entirely calculative and numerically based – many are partially or entirely qualitative. A model may utilize fuzzy judgments, non-numeric metrics, or other qualitative assumptions.
There are two major forms of model risk. The first is based around the potential mathematical errors which can be incurred by a model due to the way in which it functions, causing inaccurate outputs. This can be due to underlying errors in the application of theory, sample design, and numerical systems. Any model is “inaccurate” to a certain extent, and this form of quantitative model risk represents an accounting process for those inaccuracies. Shortcuts and simplifications, incorrect input data and assumptions, utilizing late-stage loss events rather than root causes from bank processes are all potential causes.
The second form of model risk, on which this paper focuses, is Model Risk Governance (MRG). This is the incorrect usage of models – even fundamentally correct models, using accurate data, which can cause inaccurate results if deployed in the wrong manner. This can occur both deliberately, and accidentally. Deliberate model risk in this manner can occur if an individual uses the model in a scenario or a market for which it has not been designed. Accidental model risk can occur due to changes in the market or customer conditions which the model was designed to operate under. It is vitally important for firms to be able to monitor and control how and when their models are deployed, with appropriate feedback and escalation procedures.
Faulty models were behind the trading loss suffered by JP Morgan in April 2012. The loss occurred in part due to a breakdown of the decision-making processes based around the models of the Synthetic Trading Portfolio resulting in inaccurately used models. The issues primarily involved the Value at Risk (VaR) model which was revised three times over the course of the incident, and a failure to review risk limits when scheduled. Breaches in the model limits were therefore papered over and the models themselves were altered to fit the data, with little effective oversight.
MRG can be considered to comprise three lines of defense:
- The controls exerted by business and corporate functions, and the responsibilities for managing those models throughout their lifecycles. This includes formal processes for definition, development, implementation and monitoring.
- Enterprise risk functions and committees. These establish standards for governance, validation, and monitoring of adherence to MRM policies.
- Independent audit. Independent assessment of the design and operational effectiveness of the controls and policies of the first and second lines.