A model solution

TD Bank masters model governance using SAS® Model Risk Management

When you work at a bank and the regulators come calling, you’d better have a solid and defensible view of all the firm’s models. If you don’t, then the regulators will have questions. If they have questions you cannot answer, then the worst happens, warns Robert Rapacciuolo: “They move in.”

Rapacciuolo is the US Model Risk Operations Manager for TD Bank, America's Most Convenient Bank®, one of the 20 largest banks in the world with $745 billion in assets. His model risk management (MRM) team is responsible for overseeing its risk and financial models – a critical source of intellectual property for the global bank. Prior to implementing SAS Model Risk Management there was one major problem: The bank’s model information was not easily accessible.

[SAS Model Risk Management] has a lot of advantages in its flexibility. We had no limits. We could produce the attestation workflow that we used from nothing.

Robert Rapacciuolo
US Model Risk Operations Manager

“A lot of the businesses had no oversight of their models because they didn’t realize there needed to be any,” Rapacciuolo says. Most models existed purely in list form and had never been looked at by operational risk managers.

Banks don’t act on instinct. They prefer to act on data – data often produced by financial models. Models are a form of intellectual property used to support risk mitigation and business growth. One model might chart the cost of capital for corporate finance projects, while another might reflect business acquisitions. Others model fraud or market risk.

Models are both important and imperfect. They’re an abstract representation of reality, based on assumptions. Model risk is a result of differences between the model’s output and reality. A bad model can be profoundly damaging. The MRM team provides insights into these risks. They ensure proper governance of the firm’s models while enhancing the value of this intellectual property.

Single source of truth drives business value

Poor visibility of its financial models affected compliance at TD Bank. It needed a robust and comprehensive database of model information. In addition to addressing compliance, TD Bank knew that having an accurate, up-to-date, single source of truth would offer practical insight against risk and drive business value. The bank decided to use SAS Model Risk Management to implement this vision.

It was a daunting task. TD Bank has approximately 500 models in the US, and each one required meticulous documentation and care. Model risk management begins with a candidate assessment to consistently classify all the firm’s models and non-models. The MRM team then registers a model asset, assigns stakeholders and attaches the relevant documentation.

SAS Model Risk Management allows the TD Bank MRM team to interact with multiple stakeholders throughout the model life cycle, including executive sponsors, model owners, model developers, users, auditors and business sponsors. This process of cross-functional collaboration enables the bank to continuously enhance its intellectual property, improve risk management, optimize capital and drive business value.

SAS Model Risk Management made the complex job of managing firmwide models easier, including workflow and attestation. “It has a lot of advantages in its flexibility,” Rapacciuolo says, noting that other tools he had used in the past had limited configuration options. “We had no limits. We could produce the attestation workflow that we used from nothing.”

The project has brought multiple benefits to TD Bank. The most significant is an improvement in its compliance position. When regulators visited, the MRM team demonstrated the SAS solution, and they were excited at what they saw. “They arrived on the scene like an earthquake,” Rapacciuolo says, “but they went away happy with no further questions.”

Comprehensive oversight of models has given the bank an effective risk governance platform. Not only does this give business groups more certainty about the models that they’re using, but it also creates opportunities to identify interconnected risk across business activities. This is something the MRM team has begun to implement, taking fuller advantage of the flexible, feature-rich SAS Model Risk Management platform.

There are other benefits, too, not least of which is the increased standing of the MRM team in the US. When the team first rolled out the solution, few business groups paid attention. Now, they frequently approach the MRM team for information. “They all come to us now,” Rapacciuolo says. “We’re now the system of record. The most complete set of data.”

This popularity has made the MRM project self-propagating. Now that other parts of the business understand its value, they are eager to contribute information to its growing database.

The MRM team plans to further improve its records, importing hundreds of documents from legacy systems to get them all in one place, ultimately with adoption of SAS Model Risk Management as the global standard. It will expand the database to include an entire development archive, including source code and test results.

“It’s a living database that embodies connections between all of the different groups,” Rapacciuolo concludes.

It’s also a valuable asset in a heavily regulated industry focused on quantifying risk.

TD Bank logo


  • Maintain a robust and comprehensive database of model information.
  • Ensure proper governance of the firm’s models while enhancing the value of this intellectual property.



  • Have an accurate, up-to-date, single source of truth providing practical insight against risk.
  • Facilitate cross-functional collaboration to continuously enhance intellectual property, improve risk management, optimize capital and drive business value.
  • Stay on top of regulatory requirements, keeping executive management and regulators up to date on model status across all risk categories.
The results illustrated in this article are specific to the particular situations, business models, data input, and computing environments described herein. Each SAS customer’s experience is unique based on business and technical variables and all statements must be considered non-typical. Actual savings, results, and performance characteristics will vary depending on individual customer configurations and conditions. SAS does not guarantee or represent that every customer will achieve similar results. The only warranties for SAS products and services are those that are set forth in the express warranty statements in the written agreement for such products and services. Nothing herein should be construed as constituting an additional warranty. Customers have shared their successes with SAS as part of an agreed-upon contractual exchange or project success summarization following a successful implementation of SAS software. Brand and product names are trademarks of their respective companies.