The financial crisis highlighted the need for significant enhancement to regulatory oversight of financial institutions use of models and the resulting model risk to organizations. Systemic weaknesses in Model Risk Management (MRM) at financial institutions significantly contributed to the severity of the crisis and led regulatory agencies to overhaul outdated guidance with the release of Supervisory Guidance on Model Risk Management (OCC 2011-12 and SR 11-7). 

Heightened regulatory expectations and increased reliance on models to comply with emerging regulatory landscape (Dodd-Frank, Basel III, LCR, CECL, etc.) has proven to exponentially increase regulatory risk in these areas for organizations. Regulatory expectations affect the largest financial institutions as well as regional banks and larger community banks. Recent examination cycles have resulted in early-stage enforcement activity in the form of Matters Requiring Attention (MRAs) and even private Memorandums of Understanding (MOUs).  Common regulatory criticism includes:

  • Organizations MRM efforts largely limited to model validations and not a broader framework as outlined in the guidance
  • Failures to identify decline in model performance/effectiveness subsequent to initial model development and implementation
  • MRM as a binary determination (i.e. pass/fail; valid/invalid) versus identification and management of inherent model risks/limitations
  • Outsourcing of model design and/or validation without appropriate oversight and ownership from within the organization
  • Lack of independence in validation activities resulting in little “credible challenges” of models, particularly during the design phase and after models are seasoned

Financial institutions continue to struggle with individual models, particularly around the areas of DFAST, ALLL, Fair Lending, BSA/AML/OFAC compliance, and ALLL models including upcoming CECL standards. As annual model validations are no longer sufficient for compliance, organizations must view model risk management as a constant, ongoing activity incorporated into their broader Enterprise Risk Management programs.

Key elements include:

  • Board of director governance and reporting
  • Independent model validations based on model risk ratings
  • Ongoing evaluation of model use and model limitations
  • Credible challenge to model use and outcome by qualified third-parties
  • Model documentation consistently updated with adjustments and outcomes
  • Exception processes for documented model purpose, use, and outcome

MBAF provides “risk-appropriate, fee-reasonable solutions” for the MRM challenges organizations face.  Our Regulatory Risk Solutions practice has created a Model Risk Management operating model to facilitate discussion, program assessment and roadmap (PAR), and audits of an institution’s Model Risk Management program. 

Model Risk Management

MBAF derives a wealth of knowledge from deep industry experiences and regulatory interactions. We built a framework of Model Risk Management best practices to assist our clients stay a step ahead of the Model Risk regulatory curve.

Key services include:

  • Model Risk Management framework initial development and implementation
  • MRM program assessments and strategic planning
  • Model Validation, both individual models and broader validation programs
  • Regulatory enforcement remediation
  • Internal audit / independent testing of Model Risk Management
  • Board governance and oversight reporting programs
  • Outsourced MRM oversight and reporting
  • Model development and implementation, including system selection