Modelling teams, risk teams, auditors, compliance teams, as well as senior management, are challenged with integrating these demands into their ‘business-as- usual’ processes, so that FDIC regulated institutions can comply with the requirements, while also achieving enhanced business efficiencies and cost savings.

The requirements of FIL-22-17 for modelling bring FDIC institutions into line with the Federal Reserve’s standards for Model Risk Management (SR 11 7) and the OCC’s requirements (2011-12). These requirements center on the way institutions manage their use of models, based on their risk profile, the complexity of the models and how reliant they are on their use.

The core of the FDIC’s requirements are around the implementation of a Model Risk Management (MRM) framework that encompasses:

• Disciplined and knowledgeable model development that is well documented and conceptually sound
• Controls to ensure proper implementation
• Processes to ensure correct and appropriate use
• Effective validation processes
• Strong governance, policies, and controls.

These requirements affect institutions with over $1bn in assets.

This drives the speed and flexibility that business users value deeply. It also exposes institutions to operational, regulatory and reputational risks, and it is these risks – to institutions and the wider economy – that the FDIC is looking to address.

Institutions are challenged to build a framework that reflects the FDIC’s own requirements but which also provides a unified model risk management framework that covers both models, tools and calculators that run under the corporate IT umbrella, and that of different business units. The management framework must be unified, because models, regardless of who manages them, may take inputs from both business units as well as corporate IT. Flawed inputs can have a material impact on the business, regardless of the source and who controls it.

Addressing this challenge will require careful thought and planning, given the budget and resource constraints that are often in place. An effective MRM solution will address the need for speed and flexibility on the one hand, management controls and transparency on the other, alongside regulatory compliance, by including features such as:

A central inventory of models, tools, and calculators

• Comprehensive inventory identification, scanning and discovery capabilities.
• Risk assessment, criticality, and control assessment ratings.
• Highly configurable view and access management for a tailor-made user experience.
• Powerful data lineage, data interdependence and data connection mapping functions.
• Comprehensive document storage to support standardized model documentation across the enterprise.

Model lifecycle management

• Automated MRM workflow and task management capabilities.
• Flexible design functionality to quickly define, build and modify attributes, workflows, algorithms, and reporting.
• Comprehensive, proactive monitoring and alerting to ensure compliance.
• A flexible, robust and proven task management and attestation engine.

Security and audit management

• Complete audit trail of updates and interactions with the MRM framework.
• Full role-based security management including flexibility to define and refine roles and access to the platform.