In today’s heavily regulated financial climate, banks and financial institutions are relying more heavily on models—to help measure and manage their exposure to risk, and to help manage the overall business. These models are used in every aspect of risk management, including credit risk, market risk, even operational risk.
These models can help assess risk exposure and manage potential concerns. But what happens when the models aren’t correct? What happens when they fail?
That’s where model risk management enters the picture. Assessing the risk inherent in a model is only the first step. More and more, financial businesses are assessing enterprise-wide model risk. Our paper, Emerging Trends in Model Risk Management, describes how a structured approach can help a financial firm manage model risk. What I want to focus on is the governance model needed to support model risk management.
For enterprises ready to assess model risk across the business, an organizational framework is critical. And that framework should include a formal, comprehensive governance approach.
The governance framework helps establish clear lines of sight, support cross-functional involvement and provide the correct incentives. We believe these are the key components of model risk management governance:
- Model owner: The person responsible for developing or maintaining and documenting a model, who will lead the model implementation process.
- Model user: The person responsible for the business use of a model. With the owner, this person helps lead implementation.
- Model administrator: Often the supervisor of the model owner, this person guides model developers to complete documentation, and helps the owner with other governance responsibilities.
- Model validation and monitoring unit: This independent team oversees the model governance program day-to-day.
- Model risk committee: A group of senior managers, this group oversees the model governance program from the big picture level.
- Internal audit: The function that handles independent review of model risk management processes.
Some of these functions and roles may overlap from time to time. The overlap is okay, but the functions themselves must remain separate and distinct sothe roles are performed and the models are accurately evaluated.
Models are meant to manage and minimize risk, not introduce even more risk. Our paper offers a full set of recommendations for building a reliable approach to manage model risk. For now, a good governance framework offers the operational structure needed to build your approach.