Model Risk Management: A CCAR Perspective

Jenna Danko
Product Marketing

Model risk is not a new concept to financial services institutions. Financial institutions (FIs) make extensive use of models for strategic decision making and operational requirements. While FIs are willing to undertake model risk as a calculated risk for conducting their business, of late the regulators have started emphasizing the need for effective model risk management and governance.

Supervisory Guidelines on Model Risk Management

The Federal Reserve Board of the US (Fed Reserve), in association with the Office of the Comptroller of Currency, issued a joint directive vide SR 11-7 Supervisory guidelines on Model Risk Management. SR 11-7 requires model risk to be managed from the time the models are developed. Although the directive does not directly refer to 3 lines of defense, it emphasizes the need for risk management by:

  1. the model developers and users,
  2. independent model validation teams (may be internal or external), 
  3. internal audit reviews and top management review on periodic basis. 
It also requires the board of directors, or an equivalent committee, to prescribe the enterprise level model risk management framework through policies and procedures and be cascaded to the operational level through a top-down approach.

Comprehensive Capital Analysis and Review (CCAR)

In the US, model risk management also gains more importance given that the supervisory guidelines are referred to in the "Comprehensive Capital Analysis and Review guidance." In this context, as part of the CCAR 2015, Fed Reserve has clearly emphasized the regulatory expectations around model risk management on the following lines:

"BHCs (bank holding companies)should ensure that they have sound model risk management, including independent review and validation of all models used in internal capital planning, consistent with existing supervisory guidance on model risk management (SR letter 11-7)."

(Source: Comprehensive Capital Analysis and Review 2015: Summary Instructions and Guidance)

While the SR 11-7 guidelines are about all models used by the BHCs, the primary focus of CCAR process are the models used in the capital planning & stress testing process.

Model/Model Risk Documentation

Now let us look at the model risk documentation required from a CCAR perspective.

The CCAR guidelines call for the following details as part of the annual capital plan submission by the BHCs:

Supplementary Documents (subject area)
Details To Be Submitted by BHCs
Methodology and Model Inventory
BHCs are required to provide the Fed Reserve with an inventory of all models and methodologies used to estimate losses, revenues, expenses, balances, and RWAs. The regulatory expectation is that BHCs provide the list of models and methodologies used for each of the FR Y-14A line items.
Status of Validations/Independent Review of Models
For all the models used in the capital planning process, the status of model validations and independent review as on the reporting date.
Documentation of Internal Stress Testing Methodologies and Assumptions
BHCs should include in its capital plan submissions thorough documentation of key methodologies and assumptions used in performing stress testing.

CCAR 2014 Results – Observations by Fed Reserve on Model Risk Management by Financial Institutions

As part of the CCAR results for the year 2014, the Fed Reserve had observed that some BHCs involved in CCAR 2014 still fell substantially short of supervisory expectations, and all BHCs still have room for improvement, most notably in the area of conducting more rigorous evaluations of the conceptual soundness of modeling approaches applied to stress testing use. The regulator also observed that there were numerous cases in   which validation activities were not in line with supervisory expectations or effective challenge was not exercised.

(Source: Comprehensive Capital Analysis and Review 2015: Summary Instructions and Guidance)

Effective (Model) Risk Management is the Key

The model risk documentation required from a CCAR standpoint calls for a robust, disciplined and efficient process in creating an enterprise wide model inventory and having a structured approach for periodic validation of models and mitigation of risks arising thereof.

In order to address the SR 11-7 guidelines and the CCAR requirements, BHCs should have a reliable system of record to collate the information required for CCAR submissions. If the system of record provides auditability, traceability, and security to the confidential information, it serves as an assurance to the top management and the regulators as well.

Model Risk Management Groups

Many of the global financial institutions have already started establishing a centralized model risk management group to oversee model risk management activities. These groups are expected to function as an independent team in terms of:

  • ensuring that the models undergo periodic validations
  • the validations are performed by staff who have the right skill sets to perform the validations
  • ensuring that the model validation teams have complete independence and not involved in the model development and/or use
  • coordinate with the line of business for appropriate action plan on the validation results and track the issues for closure
  • foresee model risks and work with business teams on a proactive basis to mitigate risks
  • appraising top management/Board with significant model risks arising

This group should directly report to top management and, as a function, should be viewed more of a gate keeper role to protect the institutions from financial losses and reputational risks arising out of models.

Robust Model Risk Management Solution

Implementing an enterprise-wide model risk management solution provides multiple benefits for the institutions:

  • serves as a single source of enterprise wide models, breaking organizational silos
  • brings about standardization of model record maintenance across LOBs
  • serves as a system of record to capture results of model validations conducted at periodic intervals
  • follow through the model risks identified during the course of validations through mitigation plans
  • on-demand access to model key indicators
  • helps organizations to take a holistic view of model risk such as the risks posed by a group of interconnected models
  • prevent financial losses and avoid reputational risks
  • compliance to regulatory guidelines

Address CCAR Reporting Requirements on MRM

A combination of a centralized model risk management group and a robust model risk management solution can ease out on the CCAR supplementary documentation required on model risk.

From a CCAR submission standpoint, the model risk management solution can provide on-demand access to the supplementary reporting data points as mentioned earlier. In the solution, the models that are connected to the capital planning and stress testing process can very well be tagged to FR Y-14A reporting level data elements and thereby reports can be generated seamlessly. This would also avoid manual interventions and errors while collating the information, given the average number of models used by BHCs.

To conclude, with the growing importance and regulatory focus on the subject of model risk management, it is needless to say that BHCs should always look for ways to strengthen the MRM framework and the related governance. While CCAR requirements are meant for large/mid size BHCs, model risk management is something that needs to be effectively managed by all financial institutions, irrespective of size. Institutions should view model risk management as a risk management activity and not merely as a compliance activity. Safeguarding an institution’s own interest and that of stakeholders should serve as drivers towards effective model risk management.

How does your organization address this CCAR submission requirement? I would love to hear from you to discuss further, comment below.

Krishnamurthy Venkatraman is a Senior Principal Product Manager for Oracle Financial Services Analytical Applications. He can be reached at krishnamurthy.venkatraman AT oracle.com.

The views expressed herein are the views of the author and not necessarily the views of the employer.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.