Want more Insights from SAS? Subscribe to our Insights newsletter. Or check back often to get more insights on the topics you care about, including analytics, big data, data management, marketing, and risk & fraud.
Model risk management keeps banks ahead of the regulators
The current mantra from regulators in the US and Europe is simple: “Know your models”
by David Rogers, Global Risk, SAS
In the years since the credit crisis of 2008-2009, a new set of regulations emerged from the rubble. While these regulations have different names and principles, one thing is clear: those at the helm of banks large and small are unsure how to go about their business when the regulatory landscape is shifting.
Before consumers – and regulators – can put their full trust in banking institution, there’s another trust issue at play, this time from within the organization. Executives need to trust the various models used to aid, or in some cases make, the decisions that drive a financial institution.
[New] guidelines advise local regulators to challenge executives to take responsibility, asking, in effect, if senior management understands the degree of model risk in measurement of credit, market and operational risk.
Traditionally, a bank’s decision makers have limited access to information around the very models they use on a daily basis. While the core design of a model may be the domain of an expert-level analyst, elements like the origin of the models, how they impact the business and their history should be accessible to all management.
In many large financial institutions, the context behind these models is often hidden. The model metrics – and documentation of how the model was created and maintained – is often buried behind a complex web of people and systems.
This dynamic doesn’t just flummox management. Regulators have been playing catch up on the use of models within banks. But with a new set of regulatory tools and an increase in expertise and resources, regulators are becoming more aware of the models and can pose more specific, engaging questions about how banks represent their data.
The US Federal Reserve started this trend, issuing the SR Letter 11-7 Supervisory Guidance on Model Risk Management. The European Banking Authority (EBA) followed with Model Risk assessment guidelines to country regulators for SREP, issued in December 2014.
The EBA’s guidelines show the new supervisory dynamic facing executives. The guidelines advise local regulators to challenge executives to take responsibility, asking, in effect, if senior management understands the degree of model risk in measurement of credit, market and operational risk (paragraphs 188, 233f).
In the EBA report, the authority outlined specific areas that are part of assessments. The list includes (with relevant paragraphs in parentheses):
- How are model risks in credit and market risk assessed within capital adequacy assessment as well as other models covered under operational risk? (235b)
- To what extent does bank use models to support significant business decisions? (264)
- How sound are model validation and review process? (285)
- What are model risk control mechanisms and how are these tested? (265)
- How significant is model risk? Includes sensitivity, scenario and stress testing. (267)
In response to these supervisory guidelines, larger banks will need to look to improve their organization and systems. Many impacted by the US Fed guidance on model risk management are setting up a central model management function that has global reach but allows the local function develop models that reflect the data and level of sophistication for each local area.
Companies like Discover Financial Services are at the forefront of the new dynamics in model risk. They are using SAS® Model Risk Management to make their process more efficient and effective for managing model information.
Through a more centralized approach, Discover’s risk management group can now see what is happening across units and provide recommendations on issues, such as when a model should be retired. Individual business units can also make informed decisions about the value of borrowing an existing model (instead of building their own), because they can “peek under the hood” and see what the model can or cannot do.
Regaining trust in the models used to support bank decisions needs to be built on the most up-to-date enterprise level repository of information about the model itself. This is where "knowing your models" comes into play. And it's where SAS Model Risk Management plays a role in keeping all parties informed.