cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ncanteau
Retired

The Office of the Comptroller of the Currency (OCC) defines a model as “a quantitative method, system or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.”

The need for model governance and risks assessment

In other sectors also using models as core business enablers, Model Risk Management (MRM) has become a critical piece of the Enterprise Risk Management (ERM) strategy.

A study1 by Oliver Wyman in 2012 demonstrated inadequate model results. Citing 16 institutionswith publicly reported economic capital results, Olivier Wyman found that 25% had losses of at least 150% of their economic capital estimates.

Model risk management programs are established to deal with specific types of risks ranging from the misuse of a model or its algorithm, wrong model implementation, low quality or reliability of data, or the way results are reported to stakeholders.

To properly identify and manage those risks, organizations need to set up the right model governance framework that will help seizing responsibilities, interfaces between models (an important source of risk), input data validation steps, results reviews, monitoring indicators, etc.

In the US, banks with more than $10billion in assets have to run at least one stress test scenarios every year, and banks with more than $50billion in assets and belonging to the Fed’s Comprehensive Capital Analysis and Review (CCAR) program must implement their stress scenario1.

Model Governance can be described in one or several policies and communicated to internal stakeholders. But policies are barely sufficient, as they fail to provide the necessary holistic, integrated view of models mechanisms and their interfaces.

Process mapping and model risk management

Communicating about model risks is difficult, as this is not popular discipline among managers, even in the financial area. Moreover, in complex environments, models are often fragmented across departments and geographies, interdependent to one another and also key employee dependent.

Chartis, in a june 2014 survey2 among 142 professionals, revealed that the lack of knowledge/training for staff developing models is considered important/very important for 56% of respondents, and 50% for staff using models. Also, the design of models appears to be a main source of risks for 60% of respondents.

This is where process mapping can make a real difference.

Process mapping has been a cornerstone of many organizations in recent decades. It was widely used by quality management departments in the 1990s to map the “who is doing what, how and when”. The discipline, which records action steps, inputs, outputs, responsibilities, risks and controls and much other useful information, has become central to communicating both AS IS and/or TO BE procedures or processes.

Process mapping allows organizations to display both strategic environments embedding C-levels authorities, and pure operational procedures and functions executed by a single key employee. This is why it is often used to describe specific operations and their horizontal and vertical interfaces, like models.

Using process mapping for model governance will help:

  • Contextualize models (inputs, outputs, interfaces, actors, etc.) and their risks & controls
  • Facilitate the analysis of potential model risks and collateral issues on the business
  • Facilitate AS IS practices analysis, audit and training
  • Define a single source of truth for models governance

Enterprise wide platforms managing process mapping, risks and controls can help companies replace Excel based model governance and improve model risk management practices.

Process mapping is also of value when it comes to formalizing the model lifecycle management policy. Process mapping not only clarifies the business context and for which use cases the models are used, but also help illuminate which policy will be put the model under total control.

As a result organizations get two major benefits: business context and model lifecycle policy management are clarified, which improves accountability.

GRC 20/20 Research evaluated and verified MEGA's solutions with organizations that are using it in changing, distributed, and dynamic business environments. As a result, GRC 20/20 has recognized MEGA with a 2015 GRC Innovation Award for innovation in risk management with its solutions for model risk management.

Find out how we can help you put model risks under control by managing models lifecycle in their specific business context.

******

1.Brown, Jeffrey A., McGourty, Brad, Schuermann, Till, Model Risk and the Great Financial Crisis: The Rise of Modern Model Risk Management, Oliver Wyman, January, 2015
2. Chartis, Model Risk Management, The Risk Enabled Enterprise, June, 2014