Model risk management programs often began their journey by first creating a definition of a model. Then model risk groups would perform model risk activities on each item that met the definition of a model. These model risk activities include classifying risk, assessing current uses, evaluating ongoing monitoring results, validating conceptual soundness, testing model changes, and so forth. This approach was an important beginning for the field of model risk management as it helped identify existing models, discover fundamental errors in existing models, and prevent inappropriate use of models. However, model risk teams often focused only on processes that already include models and did not identify processes that would be significantly improved by using models. This results in model risk teams overlooking modeling capabilities that a process truly needs. However, model risk teams can go on the offensive and use their model inventory as a source of crucial business intelligence. Model risk teams can start to identify processes that do not include models and could recommend the use of existing models to improve those processes. Furthermore, model risk teams can reduce expenses at a bank by guarding against the development or purchase of models with redundant capabilities. Model risk management teams can ultimately be a champion for the extensibility and efficient use of models at an institution. The article was written by Jacob Kosoff, Aaron Bridgers, and Henry Lee. The article was published by the RMA Journal in September 2020.
Adopting a Top-Down Approach to Model Risk Governance to Optimize Digital Transformation
1. The RMA Journal September 2020 | Copyright 2020 by RMA
MODEL RISK MANAGEMENT/TECHNOLOGY
Several of the recent trends emerging from the COVID-19 pandemic, such as low-contact consumer commerce, the stay-at-home economy, rapidly evolving credit risk due to the closure of parts of the economy, and virtual integrations with vendors have prompted banks to accelerate key projects. This article explores how banks are accelerating improvements to the customer experience and automating manual processes by fundamentally transforming their model risk management processes.
The article will specifically address how banks are adopting a top-down approach to model governance that inventories the business capabilities of models, identifies essential business outputs derived from models, and determines which model capabilities are most critical to these processes. This approach identifies unused model capabilities that could enable automation and improve business insights. Additionally, a top-down approach would create transparency around potential gaps in model capabilities needed to support the strategic direction of the bank.
BY AARON BRIDGERS, HENRY LEE, AND JACOB KOSOFF
A focus on model capabilities that support critical processes aligns model governance with recent trends in banking technology architecture being pursued by member banks of the Bank Industry Architecture Network (BIAN). For this approach to be successful, model risk groups would need to keep pace with the evolving landscape of quantitative modeling driven by the software community, as well as learn new technical skills. Assessing the technology attributes of models such as interoperability and scalability will be as important as the veracity of the underlying mathematics.
Traditional model risk management programs typically start by creating a policy definition of a model that is based on the mathematical approach, or lack thereof, taken to solve a business problem. The definition of a model is usually broad enough to meet regulatory expectations found in the Federal Reserve’s SR 11-7 Supervisory Guidance on Model Risk Management, but narrow enough to not include every spreadsheet at the bank. Model risk groups take a bottom-up approach by first identifying all potential models as the fundamental unit of observation and determining the use of each model across processes.
Model risk groups then begin performing model risk activities on each item that meets the definition of a model. These activities include classifying risk, validating the current uses, evaluating ongoing monitoring, and evaluating model changes. This approach was an important beginning for the field of model risk management, as it helped identify existing models, discover fundamental errors in existing models, and prevent inappropriate use of models.
However, the traditional bottom-up approach may have shortcomings that could hinder digital transformation at banks. First, it is difficult to apply the definition of a model to complex processes such as artificial intelligence-driven customer support, which require many predictive calculations. This can result in redundant model risk activities and difficulty discerning the real impact these models have on business decisions. Second, model risk teams often focus only on processes that already include models and do not identify processes that would be significantly improved by using models. This results in model risk teams overlooking modeling capabilities that a process truly needs. Third, the bottom-up approach does not align with the digital transformation occurring at banks through the creation of business capability application programming interfaces (APIs) and microservices, which are primary enablers of process automation.
A top-down approach, also called a business capability approach, would allow banks to better think through the component pieces of their processes, build microservices on top of those component pieces, and allow companies to build flexible, cost-effective IT infrastructures that can quickly adapt to customer needs. In other words, the top-down approach focuses on reimagining bank operations as a set of microservices built on top of defined business capabilities that are accessed through APIs. In recent times, this approach has evolved into services offered through containers within the cloud. Model risk activities that focus on the definition of a model instead of the business capabilities offered by models may slow down digital transformation.
A model risk program that uses a top-down approach would focus on improving processes with models and improving the model risk management processes around models. This type of approach could improve risk management by evaluating the most important business outputs and their associated processes to identify any models currently being used and necessary model capabilities that are not being used effectively. Key business processes may include origination and servicing of bank products, enablement of bank services, creation of financial statements, generation of regulatory reporting, and digital customer journeys. Model development and risk practitioners can connect with peers in the business and IT architecture to understand current processes as well as what processes could be improved through employing model capabilities.
Model risk groups would focus traditional model risk testing activities on the most important processes. These traditional activities should be coupled with modern model risk evaluations to ensure that models are interoperable across processes and that models scale based on the expected volume of each process. These tests would align with the SR 11-7 requirement that “model calculations should be properly coordinated with the capabilities and requirements of information systems.”
“Sound model risk management,” the guidelines note, “depends on substantial investment in supporting systems to ensure data and reporting integrity, together with controls and testing to ensure proper implementation of models, effective systems integration, and appropriate use.”¹
Model risk groups could modernize their inventories to include discrete business capabilities and indicate which models are accessible through APIs, and facilitate automation by encouraging the use of APIs and creating awareness around the model capabilities within the business and IT architecture. Automation can be further enabled by also identifying model capability gaps or gaps in interoperability. Models that are interoperable using APIs would allow model risk groups to automate and scale many of their testing processes as well.
Finally, a model risk framework that focuses on model-driven business capabilities accessible through APIs would create more efficient and effective processes. The use of microservices has been made popular by technology companies that use an API business model. Microservices enable companies to react quickly to customer needs, integrate with third-party partners, rapidly re-engineer processes, reduce overall IT spend, and scale quickly. The banking industry has formed the not-for-profit BIAN to rethink bank processes, including quantitative models using the service-driven design through APIs. Models can serve as components of microservices, but this would inherently change the focus from primarily mathematical techniques to include heavy consideration of model architecture.
At the corporate level, outputs meant for external consumption, such as financial statements and regulatory reports, are being fed by a network of models. Furthermore, there are strategic decisions being made internally about risk and risk appetite, which are also supported by models. Identifying these final important outputs provides focus and elucidates the models and data that feed them. This is a perfect opportunity for banks to simplify and automate their operations. This top-down approach will help banks learn where they need models and will provide opportunities to build in elements of API services, which may be expanded over time.
Consider how many models are used in commercial credit. Often, several lines of businesses have commercial credit exposure, each with their own models. There are often separate models for each portfolio and product; even if they have different inputs, they are producing the same fundamental outputs. Charge-off models depend upon PD, EAD, LGD models, etc. PPNR models use expected interest and non-interest revenues and expenses. The top-level models in the process should be targeted first.
While the inputs to these models will be calculated differently depending upon the financial product and other characteristics, much of the redundancy may be eliminated through modularization and a service-driven business model. These modules are independent and can be used across multiple portfolios if developed as generalized modules and built with scalability in mind. The upstream models that produce the idiosyncratic inputs to these modules can then be streamlined in successive phases to make the transformation manageable.
In conclusion, managing model risk through this top-down approach creates four main benefits:
• It improves risk management effectiveness by focusing risk management resources on models that impact real business outcomes.
• It cuts costs by greatly reducing model risk activities spent on models and processes that pose little or no risk.
• It draws attention to unused model capabilities.
• It facilitates process automation and enables digital transformation by aligning models to the standards maintained by the Bank Industry Architecture Network.
The opinions expressed in the article are statements of the authors’ opinion, are intended only for informational purposes, and are not formal opinions of, nor binding on Regions Bank, its parent company, Regions Financial Corporation and their subsidiaries, and any representation to the contrary is expressly disclaimed.
Notes
1. https://www.federalreserve.gov/supervisionreg/srletters/sr1107a1.pdf, page 7.
JACOB KOSOFF is a senior vice president and head of model risk management and validation at Regions Bank. He can be reached at Jacob.Kosoff@Regions.com.
HENRY LEE, PH.D. is a senior risk and financial intelligence consultant at the SAS Institute. He can be reached at henry.lee@sas.com.
AARON BRIDGERS is a senior vice president and the head of risk testing optimization at Regions Bank. He can be reached at Aaron.Bridgers@Regions.com.