At its core, model risk management aims at ensuring that companies put in place the right level of controls for all material models supporting their business and decision-making processes. In this context, it considers model risk as a specific risk type, that should be managed similar to the other risks faced by the company. A thorough framework should be put in place to identify, assess, mitigate and monitor the evolution of model risk across the whole firm.
Model Risk Management addresses the entirety of a firm’s model landscape, not just (regulatory) models requiring validation. For each model in scope, a sound model risk management framework should define what is the right level of control required, which itself should depend on the impact the model could have on the business performance and reputation of the company.
A sound framework is likely to include maintaining a model inventory that identifies who is accountable for each model and features each model’s key characteristics.
By clearly classifying models within the inventory, the efforts required to appropriately manage models can be determined in line with the model risk exposure and the risk appetite of the organisation. The inventory can also be used to capture risk mitigation actions taken in relation to models. As such, the risk framework should improve the ability of an organisation to identify models that are not fit for purpose, allowing them to consider and prioritize the model developments required. Where this is not feasible due to time or resource constraints, further model controls or mitigating actions can be introduced to ensure no adverse outcome arises through use of the model.
As a last resort, where significant uncertainty remains, insurers may consider the application of an uncertainty factor.
Model Risk Management Solutions
Model Risk Classification
The classification of models enables models to be subject to a level of control appropriate to the level of model risk arising from them. This involves defining a formal risk score or a more ‘high level’ model risk ranking linked to the risk of losses from deficiencies in model development, implementation or misuse.
Models should undergo a periodic validation process to ensure that they remain relevant for their use within decision making. This monitoring should consider the business environment, any model changes or changes in use, any legal or regulatory changes, as well as any changes in model requirements.
The Initial Validation should be done with reference to the overall MRM policy and specifically the risk appetite and materiality set by the risk function. A rigorous validation and testing should be applied and it should reflect all parts of the model specification and requirements.
Models should be monitored on an ongoing basis to ensure they remain relevant and appropriate for use. Ongoing monitoring activities include stress testing of assumptions, back testing and monitoring of model performance. It should include regular reporting to the board on the state of the company’s exposure to model risk.
Good model risk management can help prevent losses arising from issues with models. Such losses can be caused by problems in the model design, implementation or a lack of understanding of the model outcomes.
The following key benefits can be obtained through robust model risk management:
- Reduced likelihood of poor decisions – decisions based on the outcome of a model where the model is not fully understood may result in a misinformed decision being taken.
- Holistic view of model risk, not solely confined to regulatory models – widens the scope of consideration to models that are not subject to regulatory requirements but may still materially impact the business i.e. helps broaden the view of model risk beyond the capital model.
- Maximize cost/benefit allocation of resources – can identify areas where the most benefit will be obtained through model improvements or where the addition of a new model or control may be beneficial to an organisation which in turn will ensure resources are allocated to the areas yielding the greatest overall impact on the business.
- Embedded understanding within the culture of an insurer that models are inherently risky – will lead to better communication with stakeholders.
- Improved control efficiency – improved understanding of the model control framework will allow identification of potential duplications or inefficiencies (e.g. excessive use of manual procedures) across different regional offices, business unites or teams that can then be addressed. Ensuring that control levels are consistent between business units will also help to reduce risk.
- Greater understanding of model assumptions, limitations and output – will help ensure appropriate conclusions are drawn from the models and reduce the likelihood of models being used to influence decisions in situations where they are unsuitable.
- Capital benefits – better informed view of capital buffers, reduced capital requirement through lower likelihood of uncertainty loading.
- Increased confidence in the business planning process – through reduced volatility in the capital calculations and greater confidence through better informed planning assumptions.
- Portfolio optimization – due to a more accurate estimation of risks.
- Prevent issues occurring, before they arise – There is a natural human tendency to prioritize models which have recently caused problems. Strong MRM should improve the ability of an organisation to spot potential problems at an earlier stage, allowing remediation activities to take place, minimizing the future impact on the bottom line.
- Improved operation through better documentation – a consistent approach can be taken across an organisation, ensuring documentation exists and is proportional to the models considered.
- Enhanced reputation of the overall risk management function – MRM feeds into the overall approach to managing risks within an organisation which can in turn influence credit ratings and the ability to retain and attract new business.
You can outsource any or all of model management services or non-core functions, as we provide a wide array of services.