We have seen a direct correlation between model documentation quality and strength of the model risk management processes.
Model managers who have invested the time in documenting procedures for model updating, and for validation techniques employed to review data, assumptions, and results tend to have stronger, more reliable processes that are repeatable and instill confidence with strategic decision-makers.
However, this is quickly being reprioritized as this documentation represents an important component relied on by model risk management experts and validators.
Model risk management: second line of defense The model risk management function (the group, individual, or outside resource) represents the second line of defense for model risk management.
This component of MRM is where the “effective challenge” occurs.
This log should include the nature of the change, when it occurred, the expected impact, who performed the change, and who reviewed and approved the change.
In the case of key assumption changes, any quantitative and qualitative (expert judgment) support should also be included or referenced.
While we don’t expect this level of infrastructure to emerge at the community bank level, it is not uncommon for mid-tier banks to have one or more internal model risk management resources dedicated to this management and oversight process.
A three-tiered approach appears to be emerging from the process of addressing model risk.Over the past few months, I’ve had an opportunity to interact with many examiners, financial risk modelers, auditors, chief risk officers, and model risk management executives and managers.One thing has grown clear: Old school ways of managing model risk don’t cut it anymore.They are instituting standards governing model management protocols, including data management, change control, assumption review and approval, and documentation.For numerous model managers, these new corporate standards are necessitating several changes to their normal model update and review processes, and many are finding it challenging to incorporate the needed changes in the midst of their daily routines.For larger organizations, centralized oversight of the model risk management process involves the following: • Establishing corporate governance and control policies and standards.