6 Key components of a Model Risk Program Framework.

Model Risk Framework Program.jpg

Model Risk

Model Risk Management



What are Challenges and Components of a  Model Risk Framework?

Models are all around us, integral and important to organizational operations and efficiency; but the risks that they can sometimes pose, can materially impact the financial well-being of an organization. In order to understand the risks, we must first define what a model is and what are the risks from operating a model. . A model refers to a quantitative method, system or approach that applies statistical, economic, financial or mathematical techniques and assumptions to process data into quantitative estimates. A model consists of three components, an input, a processing element and an output. Model risk is the potential for the use or misuse of models to adversely impact the organization. Model risk primarily occurs for three reasons:

1) Data, operational or implementation errors

2) Prediction errors

3) Incorrect/inappropriate usage of model results.

A Model Risk Framework Document is the foundational piece in addressing the risks and challenges described below with models.

Risks and challenges:

  1. An incomplete model inventory;

  2. Lack of a valid method to update the model inventory on a regular basis.

  3. Maintaining the Independence of the model validation department.

  4. Model validation process fails to demonstrate “effective challenge and review”.

  5. Lack of suitable data used in the model development process to support review/validation.

  6. Lack of developmental evidence to substantiate model assumptions;

  7. Lack of an explanation to support the application of expert judgment and model overrides;

  8. Fail to include relevant risk drivers in the model.

  9. Models have not been validated and or re-evaluated.

  10. Failure to maintain comprehensive and up-to-date model documentation.

Given the above risks and challenges, a Model Risk Framework will therefore incorporate the following nine elements.

1) Philosophy of risk, principles, scope, model risk program design (including standards) model risk appetite, risk taxonomy, controls and industry regulations.

2) Model Risk Governance including the roles and responsibilities of all: Board, senior management, model owners, model developers, model users, model validation team, and internal audit.

3) The design and structures of various model risk management policies and procedures to include:

a) Data management policy,

b) Model validation policy and requirements

c) Model documentation requirements for both in-house developed models and third-party vendor models.

4) Model Inventory Policy and Procedures which will include the completeness of current inventory and process of updating on a on going basis.

5) Model Risk Rating Policy and Procedures which will rate the model’s materiality to the function of the organization.

6) Model Development and Implementation Policy which incorporates the following considerations:

a) Integration into new products 

b) Planning for model updates and changes

c) Planning for additional uses of existing models

7) Model Validation Policy which incorporates the following considerations •

a) Evaluation of conceptual soundness, methodology, parameter estimation, expert and other qualitative data

b) Assessment of data inputs and quality

c)Validation of model outcomes

d)Assessment of ongoing monitoring metrics and performance

e) Model Risk scoring

8) Model issue Management and Escalation process which will describe the issues, cataloguing of issues, issue remediation and action plans.

9) Disaster and Contingency Planning for Approved models describing the Plan B in case of model failure, corruption or cyber-attack.

Passing thoughts

Model risk is very real, and it really requires a heavy lift in documentation. The documentation should provide a consistent set of standards, articulating guiding principles that cover the model process and provide comprehensive guidance for practice and standards on an enterprise wide level.

This is where RiskSmartInc can help. #risksmartinc



John Thackeray