Managing Model Risk and Compliance across a Multi-faceted Model Environment is a Challenge for Financial Institutions

Managing Model Risk and Compliance across a Multi-faceted Model Environment is a Challenge for Financial Institutions

Henry Umney

CEO at ClusterSeven

Henry Umney is CEO of ClusterSeven. He joined the comp any in 2006 and for over 10 years was responsible for the commercial operations of ClusterSeven, overseeing globally all Sales and Client activity as well as Partner engagements. In July 2017, he was appointed CEO and is strongly positioned to take the business forward. He brings over 20 years’ experience and expertise from the financial service and technology sectors. Prior to ClusterSeven, he held the position of Sales Director in Microgen, London and various sales management positions in AFA Systems and ICAP, both in the UK and Asia.

Views 332

Managing Model Risk and Compliance across a Multi-faceted Model Environment is a Challenge for Financial Institutions

11.04.2019 11:15 am

Model Risk Management (MRM) frameworks are increasingly attracting the attention of auditors and regulators who are raising the bar in two key areas:

  1. Historically MRM has been focused on model validation, however regulators now expect an MRM programme to manage the entire model lifecycle. 
  2. Focus has widened from the model to include the tools and calculators that the models rely on. 

While most regulated financial institutions have GRC systems, or in-house risk management systems in place to manage their risk frameworks, these systems typically lack the flexibility to capture the complexities of manyt MRM programmes.  This is not helped by the fact that there is also a recognition that these models, tools and calculators can use data and resources from both the – highly controlled corporate IT environment, and also the – less controlled ‘Shadow IT’ environment – run by business units themselves.

The lack of flexibility in these GRC systems can constrain MRM programmes, to the detriment of the business. Most MRM programmes are evolving, as new modelling capabilities, and more powerful models emerge. There is a premium on flexibility and agility. However making changes to these traditional GRC systems often requires involving the 3rd party vendor (or IT) to make these changes with long lead times and large expense. So, institutions typically resort to manual processes (e.g. resorting to using email for confirmations of changes/approvals) to overcome these short comings, in turn creating issues for users and management alike. These manual processes make it difficult to have full transparency of changes to the models, tools and calculators required by the business, and their auditors and regulators.

Institutions are being challenged with the increase in the scale and scope of models, and their regulations, while also looking to streamline, and enhance the management their MRM frameworks. With a large proportion of the models, tools or calculators being user-created, many financial institutions are struggling to even create an accurate inventory as numbers quickly multiply.  One bank, whose original inventory of 300 models, five years on, now stands at close to 3,000 models, tools and calculators. This situation is potentially reflective of most financial institutions.  Added to this, there is the challenge of constrained budgets, resources or skills in financial institutions to efficiently and effectively undertake comprehensive MRM.

Poor management of the model environment exposes financial institutions to operational, reputational and regulatory risk. Frameworks such as SR11-7 in the US, SS3 18 in the UK and TRIM in the EU have collectively raised the bar that stakeholders, management and regulators expect institutions to work towards.

Automated MRM

How best to square the circle of enhanced MRM with constrained time and resource lies in taking a comprehensive and all-encompassing approach to MRM – including the creation, maintenance and validation of an enterprise-wide model inventory, the alignment of MRM with supervisory guidance and business objectives, the monitoring of policy and documentation standards, as well as sharing of fully auditable information.

Financial institutions can utilise automation to build and manage a central inventory of all the models, tools and calculators in the organisation. This provides an accurate, consistent and transparent platform that allows them to understand and monitor the criticality of each and tier the inventory based on the risk they pose to the business. 

It also allows them to determine the data lineage and data interdependence of the models across the enterprise. This is essential for maintaining the accuracy and integrity of the applications as MRM isn’t a one-off process, as models are developed, revised and decommissioned almost constantly. 

An automated approach helps underpin the model lifecyclemanagement which is essential to effectively managing an evolving model environment. It can create a framework that enables model attributes, workflows, algorithms and reports,for example, to be updated and modified as the models themselves change. 

Automation also helps to meet the security and audit demands that current MRM demands, including full audit capabilities of changes within the MRM environment. Role-based security capabilities control access to the MRM environment to ensure segregation of duties and implementation of ‘four’ eyes review.  

A technology-led approach to MRM will ensure that the standards applied to ALL models in the organisation are consistent.  MRM is an area that institutions can’t ignore, the regulatory, financial and reputational consequences are far too serious.

Latest blogs

Patrick Bermingham Adflex

APMs for B2B payments – buzzword or next big thing?

To understand why APMs are become increasingly important in B2B payments, let’s first clear up some confusion: What are APMs? APM is a catch-all term to describe any payment method that does not require the use of a credit or debit card. There are Read more »

Christian Damour FIME

What is PCI DSS?

As worldwide card fraud continues to rise, it is fundamental that the payments industry steps up to the challenge to prevent further data breaches and losses. One of the key elements of keeping data secure is PCI DSS compliance. The security Read more »

Colin Dean Hyland

Why Leaders Should Choose Digital Optimisation, Not Transformation

The technological revolution in finance means that, rather than being a once in a decade step-change, digital upgrading has become a decade-long process - perhaps even a never-ending one. Because organisations cannot exist in a constant change of Read more »

Marten Nelson Token.io

Will banks ever learn?

Yesterday, Facebook announced Libra, a stablecoin to be used for payment in WhatsApp and Facebook Messenger. Libra is a stablecoin pegged to a basket of fiat currencies to minimize fluctuation of its value. TechCrunch writes: “Facebook has finally Read more »

Keith McGill Equifax

Cifas Fraudscape 2019: Tackling identity fraud must remain top priority

The latest Cifas figures show worrying trends as identity fraud rose by 10% in 2018, with those aged under 21 and over 60 being increasingly targeted by fraudsters. There was also a 26% rise in cases of ‘money mule’ fraud, highlighting the agile Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel