Skip to main content

Model Risk Management: A Risky Business

By 20 Mar, 2020February 22nd, 2023Insights, Risk Management, Technology Trends
In Europe, the US Federal Reserve (FED) and the US Office of the Comptroller of the Currency (OCC)’s Supervisory Guidance on Model Risk Management (SR 11-7) is accepted as the global standard for the application of model risk management (MRM). Specifically, this guidance – issued to market participants in the form of a letter – provides recommendations to commercial and investment banks (CIBs)of all sizes on the best practices needed to develop and apply a robust MRM process.
SR 11-7 provides this guidance by introducing stages to MRM, which allows CIBs to garner a common appreciation of the concept of the MRM lifecycle. On the basis of its experience with CIBs of all sizes, GreySpark Partners has developed a comprehensive view of this lifecycle, its requirements and the best means of its practical application.

Mapping the MRM Lifecycle

In 2020, the MRM lifecycle is commonly understood, and it is adopted across the investment banking industry, with each institution implementing its own interpretation of a MRM governance framework (see Figure 1). As such, the industry risks an inconsistent level of implementation of guidelines, which can be attributed to the broad and flexible nature of SR 11-7 in the application of its recommended processes.

GreySpark observes that, regardless of the selected governance framework, the MRM lifecycle is made more efficient when it allows for flexibility with regard to the different types of models – i.e. their asset class, activity and risk level – and thus when information sharing across different lines of model risk defines is most effective.


Figure 1: The Model Risk Management Lifecycle

Source: GreySpark analysis


The 5 Most Challenging Areas of Model Risk Management

Through the delivery of a variety of solutions aiming at bringing CIB MRM processes to maturity, GreySpark identified five key areas that are typically the most challenging for institutions to implement. Specifically:

  • Model Identification – The current regulatory regime does not give guidance to banks on how to identify model feeders within algorithms. As a result, inconsistencies in the identification process are observable across banks as well as within an individual institution’s own lines of defence. GreySpark believes that the incentive to resolve this challenge should be a priority for all banks because – as the first step of the MRM lifecycle –model identification is the basis on which all other steps are built. CIBs of all sizes should thus ensure that the identification process is well documented, supported by adequate tools and that it is shared across the three lines of defence.
  • Model Testing –As part of the development process, model owners are required to test that the new model is as efficient as possible in the context for which it is built. Despite this fact, GreySpark frequently observes that most banks do not have the tools in place to allow for model-tailored testing requirements, which raises questions around the relevance and validity of the tests performed. CIBs that rely on the industry’s most mature MRM processes and supporting tools seek to counter that effect by adapting testing requirements to the specific needs of each model (such as its risk level, asset class and / or activity).
  • Model Validation –Similarly to testing, banks’ requirements for validation are not always adapted to each model’s activity, asset class and risk level. This creates a concern that models are not necessarily validated to take into account the purpose for which they were built, hence that their associated risks are not appropriately mitigated. Therefore, the objective for banks is to find the right tools and methods to make the validation process as flexible and tailored to different types of models as possible, while maintaining an appropriate level of due diligence.
  • Model Change Management – The typically lengthy model change management process creates frustration for all lines of risk defence as model changes are sometimes implemented too late for the bank to benefit from them. In that context, where models are feeders of risk management algorithms, the model change timeline has a negative impact on the algorithm validation process. Therefore, banks are observed as increasingly taking a risk-based approach in their requirements for change validation and documentation.
  • Information Sharing – GreySpark observes that an overarching challenge to the application of all stages of the MRM lifecycle for most banks in the industry, is the lack of efficient information sharing between their lines of defence. Having the right tools and human resources in place to deal with actionable information is the basis for a flexible and valuable MRM process. In that context, banks must focus their efforts on ensuring that the documentation supporting that information is fit for purpose, and that the lines of defence are receptive to receiving it.

Over a series of five articles, GreySpark will explore these five topics in an effort to assess the challenges associated with their application and to draw out the best practices that can be utilised to manage their implementation.

The first article in the series of five will examine best practices for model identification.

For more information please contact the authors

    Your Name (required)

    Your Email (required)


    Your Message