The Federal Deposit Insurance Corporation (FDIC) announced June 7, 2017, that it’s adopting the Supervisory Guidance on Model Risk Management (Guidance). FDIC-regulated institutions with more than $1 billion in assets and those using a model that’s “significant, complex, or poses elevated risk to the institution” will be subject to the Guidance. The Guidance is intended to address expectations for FDIC-supervised institutions regarding the process of model risk management. The Guidance is already followed by institutions regulated by the Federal Reserve Bank and Office of the Comptroller of the Currency. The Guidance is expected to create more consistent model risk management standards across the financial institution industry.
Model Risk Management
The Guidance defines a model as a “quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.” Financial institutions today increasingly rely on financial and economic models for an extensive range of activities, including credit management, operational risk, valuation and stress testing.
Model risk management should be commensurate with each institution’s risk exposure. Model risk can lead to financial loss, poor business and strategic decisions or damage to an institution’s reputation. Model risk increases with model complexity, higher uncertainty about inputs and assumptions and broader use.
The FDIC expects senior management and the board of directors to ensure “effective challenge” of models, which entails critical analysis by objective, informed parties who can identify model limitations and assumptions and deliver appropriate changes. Effective challenge depends on a combination of incentives, competence and influence.
Model Development, Implementation & Use
Robust model development, implementation and use are imperative to model risk management. An effective development process should start with a clear statement of purpose to ensure model development is aligned with the intended use. Critical to model development is the data and other information used. Third-party data and information should be accurate and relevant, suitable for the model and consistent with the theory behind the approach and methodology. Use of the model provides additional opportunity to test whether it’s effectively functioning. The institution should objectively assess model risk and the costs and benefits using a sound model validation process.
Effective validation ensures models are sound. Model validation is the set of processes and activities intended to verify that models are performing as expected and in line with design objectives and business uses. The Guidance addresses three core elements of an effective validation system:
- Evaluation of conceptual soundness, including developmental evidence
- Ongoing monitoring, including process verification and benchmarking
- Outcomes analysis, including backtesting
Models provided by third-party vendors should be incorporated into an institution’s overall model risk management framework. Procedures should exist to help the institution understand the vendor product and its capabilities, applicability and limitations.
Governance, Policies & Controls
An important part of model risk management is developing and maintaining strong governance, policies and controls. A strong framework implemented by senior management and the board of directors provides support and structure to risk management functions. The framework should include standards for model development, implementation, use and validation.
The Guidance comprehensively covers effective model risk management, including model development, implementation, use and validation. Model risk management practices will vary from institution to institution, but effective management should include robust controls and strong governance to mitigate model risk. Read the full Guidance here.
Contact your BKD advisor if you have questions.