Since the end of the financial crisis, there has been increased reliance on quantitative models by financial institutions due to heightened regulatory requirements, including Comprehensive Capital Analysis and Review and Basel. All models are, to some extent, subject to model risk stemming from incomplete data and/or a subjective set of assumptions. While many institutions understand and quantify such risks posed by individual models, few institutions take stock of the holistic risk across their entire model inventories. This siloed view of model risk leaves banks exposed to risks not captured by their risk appetite statements. Further, the lack of a holistic view hinders institutions’ ability to properly quantify overall enterprise risk and model risk’s potential organizational impact, preventing leadership from making informed decisions.
Banks of all sizes continue to wrestle with aggregating model risk across their portfolio, challenged with the process of identifying model information across functions and products, understanding the interconnectedness of their models (downstream/upstream impacts, common assumptions, and shared data), and shortcomings of each model, and then repeatedly applying this process over time.
What steps should banks take to create more consistent, scalable, and repeatable processes across their firm-wide model inventories? Model monitoring can be a potential solution. In a 2014 Global Association of Risk Professionals event, the head of model risk management of a prominent financial holding company asserted: “Model monitoring should evaluate whether changes (including anticipated) in products, exposures, activities, clients, or market conditions necessitate adjustment, redevelopment, or replacement of the model.” In a similar fashion, aggregated risk models may potentially inform senior leadership on true enterprise risk and enable impactful decision-making.
Not All Risks Are Created Equal — Model Risk Aggregation Should Inform Risk Appetite
Model risk aggregation is becoming an increasingly important part of the model risk management (MRM) framework for financial institutions of all sizes. Ideally, model risk aggregation can be used to inform the risk appetite framework/statement and vice versa.
However, as modeling techniques and methodologies evolve, and model inventories become increasingly diverse, it is becoming more critical to have a model risk aggregation framework in place that can assess model risk consistently across an institution’s portfolio.
Aggregating Model Risk has been an explicit regulatory expectation since the publication of the SR 11-7/OCC 2011-12 Model Risk Management guidance (emphasis added):
“In the same manner as for other major areas of risk, senior management, directly and through relevant committees, is responsible for regularly reporting to the board on significant model risk, from individual models and in the aggregate, and on compliance with policy.”
However, regulatory guidance does not prescribe a specific methodology to employ. The type of approach implemented can depend on the size/scope of the institution’s model inventory and availability of data and model risk metrics.