Over the past decade model risk management (MRM) functions have changed almost beyond recognition. As the industry searched for who and what caused the financial crisis, models took their fair share of the blame. Spurred on by this, regulators started to introduce more and more regulation around model risk management, the most famous being SR 11-7. It is now a number of years since that piece of regulation triggered a wave of change amongst model risk functions across the industry and it is a good opportunity to take a step back and assess the success of the various change initiatives that have taken place. Luca Dominedo, Senior Manager and Zahra Elmenyawy, Senior Manager, PwC UK, explore.
MRM functions have evolved over time to varying levels of maturity. Almost all institutions have seen some level of improvement but the final finishing point varies significantly from the basic to the fully automated future proof MRM function. The underlying basis of this “best in class” function must be an effective workflow solution that makes life easier instead of trying to shoehorn processes to fit an off the shelf IT solution.
The workflow should then link in a good model risk tiering system to categorise models based on materiality, complexity, and uncertainty. The final piece of the puzzle is the ability to run fully automated validation tests. These can form the basis of initial model assessments, periodic reviews, and help populate KPIs for ongoing model performance monitoring. Any automated testing should then have the ability to populate reports with results in the same automated fashion reducing unnecessary and costly human intervention and leading to a fully streamlined process.
When considering the maturity of model risk management, at one end of the spectrum is the least sophisticated with weak manual controls and ill-defined requirements across the function.
A little further along the maturity scale, what might be considered as the current industry average, is a foundational MRM function, characterised by developed governance policies and procedures and a vision for a target operating model of the future.
The next level of maturity, largely viewed as the target state for the MRM function of most sizeable institutions includes a move to centralised data management, standardised methodologies for modelling and validation and a unified reporting structure.
Finally, the ultimate goal of the MRM function – a truly value driven division with fully automated processes for model risk management. Technology is advanced and fully integrated to provide a digital workflow solution that seamlessly passes work between validators, developers, the business and any other interested parties. Validation activities are fully automated and standardised reports are populated with no human intervention. In the most advanced cases artificial intelligence may be used to enhance the testing too.
Of course, there is a cost to achieving this dream MRM function. But the benefits far outweigh the costs and the ultimate savings far outweigh the initial investment. We estimate that for an average institution automated validation and report production can reduce the modelling resource requirement for periodic model reviews by up to 40%. Efficient processes together with better prioritisation decisions and clear visibility and reporting could lead to shaving up to 30% off the time required to validate a typical model for a medium sized bank.
There are other benefits aside from the FTE savings too. Improved and automated model monitoring that is set up based on automated validation tests can help highlight any potential issues concerning a model much more quickly. A good digitised work flow solution can provide clear and useful reporting for leadership and senior management. And the pain of ad hoc requests from internal or external audit or even regulators goes away completely when a fully transparent audit trail` can be quickly queried to answer any requests.
So how can this vision become a reality? The secret ingredient is as simple as a solid and effective IT solution that considers the activities of a busy MRM function and simplifies and automates processes to meet their needs.
And so it is worth anyone who is part of a MRM function taking a few minutes to step back and look at their evolution over the last few years. Have things moved in the right direction and at the right pace? Compliance with SR 11-7 may have been achieved a long time ago but that doesn’t mean it is ok to sit back again until the next crisis inspires more change. A truly streamlined and fully automated MRM function is achievable with the right infrastructure and not out of reach for even small institutions. It shouldn’t be a case of can you afford to get there but more can you afford not to.
Download the latest RiskMinds365 eMagazine with key insights from RiskMinds International.
© 2019 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with a professional advisor.