The research features insights that reward careful reading, and these include:
- Models, by and large, are well defined and understood in banks
- Model inventories are in widespread use and feature technology that make them easy to use.
- That said, not all models are in centralized inventories.
- Not all model owners understand their responsibilities
- Investment favors model development over model validation
This insight is fascinating because the picture it paints of the 80 or so banks, of all sizes, that took part in the research is that MRM regimes are more complex and nuanced than many involved would probably like to admit to their peers. Rather than a highly polished, automated, and streamlined array of systems and processes, the reality is that these systems and processes are a compromise between limited time and skills and the need to complete for budget with other departments
Who had the most developed MRM frameworks?
The issues raised can be compared with industry best practice, defined by the US SR 11 7 framework, and the UK’s SS3/18.
The largest banks had the most developed MRM frameworks that align closely with best practice. Where standard practice sometimes departed from best practice was in those areas that had more recently adopted modeling as a core capability, such as operational risk or credit decisioning, or even HR. These functions likely had more models outside the central inventory and made more use of manual processes to manage issues around model validation for example. These present significant model risks to businesses.
Who diverged from best practice (and why)?
Smaller institutions were typically less ambitious in their use of models, remaining focused on credit risk primarily. That said, their lack of budget and skills meant that they typically limited their investment in MRM technology, typically utlising toosl usch as excel, email and sharepoint. These firms are using manual processes where best practice would advocate the use of automation to reduce errors and reduce risk.
There were several reasons, why many institutions diverged from best practice. Some were down to there being insufficient staff anywhere who could deliver best practice MRM. Not surprisingly, they were typically found looking after the core models at the most prominent institutions, honing systems and processes that were likely unique and therefore valuable and expensive.
Another issue was technology. Many newer models have been built outside the control and influence of the corporate IT function, using end user- based and cloud-based capabilities. This situation means that good practice is more difficult to enforce or instill, exposing institutions of all sizes to model risk.