Navigating model risk management in financial institutions

Model risk is the potential for adverse consequences from decisions based on incorrect or misused model outputs. It arises from various sources, including data limitations, estimation uncertainties and the misuse of models beyond their intended scope. 

According to the Fed and the OCC, model risk is defined as "the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports". Including data deficiencies that result in incorrect model outputs, the sources of model risk can be categorized into three groups: 

Implementing effective model risk management (MRM) frameworks in financial institutions is fraught with challenges that require careful consideration and strategic planning. These challenges encompass ethical concerns around bias mitigation, the need for interpretability to foster stakeholder trust, complexities introduced by emerging model types and regulatory compliance and transparency. 

• Ethical considerations and bias mitigation: Ethical concerns regarding biases in model development are critical in MRM. Ensuring fairness and equity in model outputs requires robust validation processes and continuous efforts to detect and mitigate biases. 
• Interpretability and stakeholder trust: Achieving interpretability in complex models is essential for gaining stakeholder trust and regulatory compliance. Stakeholders, including regulators and internal decision-makers, require transparency in understanding how models arrive at their conclusions. Institutions are investing in technologies and methodologies to enhance model transparency without compromising accuracy. 
• Emerging model types: Emerging model types, such as climate risk and current expected credit loss (CECL) models, introduce additional challenges. These models often rely on limited historical data and external factors, requiring robust scenario-building techniques and expert judgment to manage risks effectively. 
• Regulatory compliance and transparency: Understanding and adhering to regulatory requirements is fundamental for effective MRM. Regulations govern data privacy, model transparency, monitoring practices and governance frameworks. Institutions must establish clear communication channels to convey model risks transparently to regulators and stakeholders, ensuring compliance and operational resilience. 

Practical implementation challenges in model risk management 

Implementing effective model risk management (MRM) frameworks in financial institutions presents several practical challenges that require meticulous planning and execution. These challenges encompass organizational, technological and regulatory aspects, each demanding tailored strategies to ensure comprehensive risk mitigation and regulatory compliance: 

• Organizational challenges: Successfully managing model risk takes a coordinated effort across various organizational functions. Establishing clear roles and responsibilities, integrating MRM into decision-making processes and fostering a culture of risk awareness are critical organizational challenges. Financial institutions must align MRM frameworks with strategic goals while navigating internal dynamics and stakeholder expectations. 
• Technological complexity: The adoption of advanced technologies, including artificial intelligence (AI) and machine learning (ML) models, adds challenges when it comes to validating and monitoring the models. Financial institutions must deploy robust technological infrastructures capable of handling large datasets, ensuring data integrity and implementing sophisticated analytics for model performance evaluation. Balancing technological advancement with transparency and interpretability poses significant challenges. 
• Regulatory compliance and adaptation: Regulatory requirements continually evolve, demanding ongoing MRM framework adaptation. Financial institutions must keep up to date with regulatory updates, adhere to reporting obligations and ensure models comply with changing standards such as Basel III, FRTB and local regulatory guidelines. Developing agility in regulatory compliance frameworks is crucial to manage model risk in a dynamic regulatory landscape effectively. 
• Risk assessment and quantification: Accurately quantifying and assessing model risk is a persistent challenge. Financial institutions must employ rigorous methodologies for risk measurement, including sensitivity analysis, stress testing and scenario analysis. Addressing uncertainties in model outputs and estimating potential financial impacts require advanced quantitative techniques and a deep understanding of model behavior under different conditions. 

Regulatory landscape and guidelines 

In recent history, several risk events have occurred due to ineffective model risk management, leading to significant losses or even bankruptcy for banks. Key drivers behind these risks include technological innovation, competition, incorporating models in decision-making processes, regulatory pressure and the need for more sophisticated risk management. 

Regulatory bodies such as the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the PRA have introduced comprehensive guidelines to ensure financial institutions manage model risk effectively. These guidelines define what constitutes a model, spread model-risk culture within entities and establish a common framework involving senior management and board oversight. 

Key regulatory impacts: 

• LIBOR transition: The transition to new reference rates has impacted the discount rates used in models, leading to institutions recalibrating and continuously monitoring the model being used. 
• Targeted review of internal models (TRIM): Aims to improve the supervision of internal models, with future expectations for higher scrutiny and potential delays in approving material model changes. 
• Fundamental review of the trading book (FRTB): Introduces a new internal model approach with supervisors reviewing model use at the desk level and a more rigorous model approval process. 
• PRA supervisory statements (SS3/18 and SS5/18): SS3/18 requires firms to verify that external activities align with MRM standards. SS5/18 outlines risk management and governance expectations for algorithmic trading models. 
• Basel IV: Details comprehensive changes to banking regulations, impacting model risk management. 
• EBA IRRBB guidelines: Provides detailed guidelines on managing interest-rate risk in the banking book. 
• The new definition of default (DoD): Requires model changes for internal ratings-based (IRB) models, including recalibration of the probability of default (PD), loss given default (LGD) and credit conversion factors (CCF). 

Strategies for overcoming implementational challenges 

To address these challenges effectively, financial institutions can adopt several strategic approaches: 

• Enhanced governance and oversight: Strengthening governance frameworks to ensure clear accountability, transparency and oversight of model risk management processes. 
• Investment in technology: Continuously investing in advanced technologies such as AI and ML for automated model monitoring, data analytics and predictive modeling to enhance risk detection and management capabilities. 
• Adaptive regulatory strategy: Developing a proactive approach to regulatory compliance, including regular reviews of regulatory guidelines, participation in industry forums and leveraging regulatory technology solutions to streamline reporting and compliance efforts. 
• Continuous education and training: Promoting a culture of continuous learning and skill development among staff involved in MRM, ensuring they are equipped to address evolving challenges and technological advancements. 

By focusing on these implementation challenges and strategies, financial institutions can strengthen their MRM frameworks, mitigate model risk effectively and uphold the integrity of their decision-making processes amid dynamic market conditions and regulatory requirements. 

JP Morgan Chase: Leveraging AI and ML for robust MRM 

JP Morgan Chase exemplifies the integration of AI and ML technologies into model risk management (MRM) frameworks, demonstrating how advanced analytics can enhance risk mitigation and regulatory compliance. By incorporating large language models (LLMs) for natural language processing and generation, JP Morgan Chase navigates the complexities of regulated environments such as financial services and healthcare with rigorous technology controls and robust governance frameworks. The bank’s head of product and firmwide AI/ML platforms previously highlighted the importance of ethical considerations like Explainable AI and Responsible AI in mitigating risks and ensuring compliance. This proactive approach enhances operational efficiencies and strengthens trust with stakeholders by prioritizing transparency and accountability in AI-driven decision-making processes. 

^{Source: AI and Model Risk Governance (jpmorgan.com)} 

HSBC: Model risk management 

In 2023, HSBC made significant strides in enhancing its model risk management processes in response to evolving regulatory requirements and market conditions. The bank implemented approved models for the internal model method (IMM), internal model approach (IMA) and an internal ratings-based (IRB) model for UK mortgages. They also addressed regulatory feedback on IRB models for wholesale credit. In response to market volatility, HSBC adjusted its value-at-risk (VaR) model and introduced new validation procedures for tools developed using generative AI. Additionally, HSBC enhanced frameworks and controls for climate risk and AI models, ensuring they are effectively embedded in business processes. The bank also initiated a program to meet the enhanced model risk management requirements outlined in the supervisory statement 1/23 by the Prudential Regulation Authority (PRA). HSBC’s model risk governance structure involves group, business and regional committees, providing robust oversight and regular reporting on model risk to senior management and the group risk committee. This comprehensive approach underscores HSBC's commitment to maintaining regulatory compliance and effectively managing model risk. 

^{Source: https://www.hsbc.com/-/files/hsbc/investors/hsbc-results/2023/annual/pdfs/hsbc-holdings-plc/240221-risk-review-2023-ara.pdf}