Week 1 - MRM. A Practitioner’s Approach

Co-Authors:

Carolina Biagini - Senior Quantitative Analyst - Kevin D. Oden & Associates

Amul Bhatia - Partner - Kevin D. Oden & Associates

As Credit Unions (CUs) shift into automation, data-driven processes, and Artificial Intelligence (AI) to transform to digital banking, the use and complexity of models utilized will grow rapidly.  While these technologies provide immense opportunity, they carry risk as well. Financial institutions should anticipate an expansion of in-scope AI and Machine Learning (ML) applications given regulatory predisposition toward inclusion. The OCC has already claimed that many AI/ML tools should be considered models, and their model risk should be properly managed[1].

Developing a sound, cost-efficient Model Risk Management (MRM) framework appropriately scaled for the institution is a key element of making the gains from increased model use sustainable. The framework discussed below aims to help in that endeavour.

Model Governance

“The real mechanism for corporate governance is the active involvement of the owners.”

                                                - Louis V. Gerstner, Jr.

As SR-11-7 states,

“A strong governance framework provides explicit support and structure to risk management functions through policies defining relevant risk management activities, procedures that implement those policies, allocation of resources, and mechanisms for evaluating whether policies and procedures are being carried out as specified.”

When tasked with building out a MRM program, many CUs find it difficult to know where to start. That is where the notion of a model governance framework comes into play. Once the framework is established, the process of assigning roles and responsibilities (R&R), followed by the development of policies and procedures (P&P), becomes easier. Developing this framework and reviewing it on a regular basis lead to strong, sustainable model governance.

Developing a framework

Is it commonly claimed that the extent and sophistication of the governance framework should align with the extent and sophistication of model usage at the institution. But how does a CU go about putting together such a framework? The first step is determining objectives. Next, the CU needs to determine what it takes to achieve those objectives. Finally, the CU needs to assess what it takes to make those achievements sustainable. A concrete example of an MRM framework looks like this: 

  1. Objectives:
    1. Identify all models used at the CU.
    2. Assess the risks associated with those models.
    3. Assess the institution’s appetite for the current model risk profile.
    4. Manage risk within the institution’s appetite.
  1. Plan to achieve objectives:
    1. Develop a model identification process.
    2. Develop a risk assessment process for individual models and in aggregate.
    3. Determine how much model risk the firm is comfortable with.
    4. Develop a plan to reduce or retain risk within the firm’s risk appetite.
  1. Plan to make objectives sustainable:
    1. Develop a revision process to ensure objectives are sustainable.
    2. Develop policies regarding R&R in #1, #2 and #3a.
    3. Develop a governance framework to review the execution of the plan, to assess the performance of individuals and groups in relation to P&P, and to make recommendations for refinements.

The CU’s model risk objectives should be placed in a risk appetite statement where the firm’s appetite (and capacity) for model risk is prescribed. Once these objectives are initially set, a governance framework should be developed to achieve those objectives and make them sustainable. As described above, governance is the tool used to ensure the CU achieves and sustains its objectives.  This is very similar to how the U.S. Constitution serves to achieve and sustain the objectives of forming “a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense,” etc.

AI/ML risk management should be integrated into the firm’s broader risk management framework. The oversight of AI/ML models  should be consistent with the standards and processes in place for traditional models. Nevertheless, traditional MRM frameworks must be enhanced to incorporate the dynamics and integrated risks associated with AI/ML models. AI/ML models directly obtained from open sources or developed by third parties should be subject to the same MRM standards that apply to internally developed AI/ML models.

Who Is Responsible for Model Risk Management Governance?

MRM and governance can become challenging for many institutions, particularly for smaller CUs with budgetary constraints. Ultimately, it is the responsibility of everyone at the institution – starting with the board of directors, extending to senior management, including business heads that own and use the models, and naturally risk management and audit functions. Each of these stakeholders will have R&R in a properly functioning governance framework. However, the Chief Risk Officer should play a central role in designating someone as the CU’s “Head of Model Risk Management”. That individual (or group) may have additional titles and responsibilities depending on the size of the model inventory and the complexity and risk of the models. In the end, the Head of MRM should ensure that P&P are developed and implemented and that those P&P are effective, efficient, and commensurate with the risk footprint and risk appetite of the institution. We emphasize that the Head of MRM works for the CU as the bottom line is that strong model risk management is not only about P&P but also encompasses revenue retention and, in some cases, revenue enhancement.

A strong governance framework should provide reporting structure, approval authority, dispute resolution, and escalation procedures and set the enterprise model risk profile and tolerances within the stated risk appetite of the board. It is important that the board of directors be the driving force behind a strong MRM governance structure, as the board is ultimately responsible for the success or failure of the firm.  As SR-11-7 states:

As part of their overall responsibilities, a bank’s board and senior management should establish a strong model risk management framework that fits into the broader risk management of the organization. That framework should be grounded in an understanding of model risk – not just for individual models but also in the aggregate. The framework should include standards for model development, implementation, use, and validation.”

Risk Appetite Statement

“The best is the enemy of good.”

                                                - Voltaire

CUs, large and small, should have a risk appetite statement approved by the board, that lays out the objectives of the MRM program and will, in fact, guide its development and sustainability. It does not have to be perfect at first. The statement will evolve as the CU evolves. Something as simple as the following is a good starting point:

Identify all models utilized or to be used at the CU, assess their risk to the institution and manage these risks within the CU’s appetite. This entails at minimum ensuring that all models are validated prior to first use with limited and time-constrained exceptions; ensuring models are revalidated on a regular basis commensurate with the risk of the models; resolving issues identified in the model validation process in a timely fashion; monitoring the performance of all models and taking prompt corrective action when model performance deteriorates below acceptable thresholds; ensuring models are properly documented and users know the appropriate use of any model they utilize; ensuring model changes are properly managed and reviewed; and ensuring model dependency is understood and properly managed.

This simple risk appetite statement lays out the broad objectives of the MRM program to be developed. The first objective in the example above is the identification of all models utilized at the firm. To do this, the CU’s governance framework must provide a model definition. We will discuss the model definition and identification process in next week’s article, as well as the development and maintenance of the model inventory.

The level of AI/ML risk that is acceptable to institutions is highly contextual as well as application and use-case specific. Risk tolerance can be influenced by policies and norms established by AI/ML system owners, organizations, industries, communities, or policy makers. Additionally, risk appetite is likely to change over time as AI/ML systems, policies, and norms evolve. Hence, the MRM framework should be flexible enough to accommodate risk practices to the applicable law, regulations and use case settings. 

Model Risk Reporting

“If you don't know where you are going, you'll end up someplace else.”

- Yogi Berra

Reporting requirements will continue to grow as the board, senior management, clients, investors, and regulators seek to manage their interests related to the CU. Reporting requirements around model risk management are not immune to this trend as the use and complexity of models continues to grow at CUs. When outlining reporting requirements, it is important to focus on the objectives laid out in the MRM framework and how those objectives impact the board. This will naturally lead to individual business/functional line reports as these leaders will need to understand their impact on board-level reporting.

When outlining reporting requirements, we recommend start by asking (and in turn answering) the following question: What does the board need to know? Though the answer depends on the CU, some core requirements are listed below:

  • What are the most important models for the firm?
    • Importance should be stratified by risk type.
    • The model risk ranking/rating can be utilized to determine importance.
  •  Under what conditions are the most important models expected to work well and not    work well?
    •  In what circumstances are they likely to break down?
    •  Collectively, are model outputs credible?
    •  What “moves the dial” in terms of key assumptions or judgements?
    •  Are those assumptions and judgments reasonable?
  • What are the key dependencies, assumptions and linkages in risk?
    • Are all key models dependent on a limited number of factors, or
    • Are models essentially independent of inputs and assumptions?
  • Is the governance framework working properly?
    • Are we adequately monitoring and describing/reporting on the state of model risk?
    • Are we quickly identifying gaps in model governance and risk assessment?
    • Are we working with business, risk, and audit to provide adequate oversight?
    • Are controls maintaining model risk within acceptable bounds (i.e., risk appetite)?

Each of these elements are critical in achieving the CU’s model risk framework objectives and achieving sustainability. The challenge is efficiently organizing the risk into (at least) the “buckets” identified above to reduce complexity and to increase clarity, so board members  understand the risk. Starting from this perspective also better aligns business and risk reporting with the information the board receives.

To efficiently digest and utilize this information most institutions now have a risk committee of the board. This is an oversight committee that guides the risk management practice and objectives of the firm.  However, at many smaller institutions model risk management is new to the board and has not been fully integrated into the board risk committee functions.  We next discuss best practice in this regard.

Risk Committees

The risk committee is a management level committee that has a crucial role in any CU, providing critical oversight and guidance to management to execute business within the risk appetite of the firm. Most CUs, large and small, have developed risk committees. However, including model risk management as a responsibility of the risk committee will be new for many smaller institutions. To accomplish this, the risk committee needs to have a member(s) familiar with model risk and its various components as well as the best and current practices in managing that risk. This is a challenge for most small CUs that can be minimized, but not alleviated, with ongoing training and the hiring of a model risk expert (presumably the model risk manager) and her inclusion on the committee. To be effective, the committee members should be representative of both the risk management side and the business side of the CU. There should also be P&P for escalation to the risk committee, which should have ultimate decision-making authority. Examples of model risk issues that could be escalated to the committee are:

  • Is the CU using overlays too often for a particular model?
  • Is it time to recalibrate or rebuild a model?
  • Does the CU have the appropriate number of resources dedicated to model risk oversight?

Conclusion

It is important that CUs start building an effective model risk management program as it takes time to develop a strong risk culture with everyone at the institution understanding and fulfilling their roles appropriately. The framework discussed above aims to help in that endeavour. See you in Week 2!

 

If you have any questions or would like to get in touch, feel free to reach out – we're here to help!

Website

LinkedIn

 12798264091?profile=RESIZE_400x

 

E-mail me when people leave their comments –

You need to be a member of CULytics Community to add comments!

Join CULytics Community

 

advantedge
altair
ibi
arka
trellance
coopfs
dfa
wherescape
alkami
prismacampaigns
marquis
aiq
totex
cnet
datava
aun
cinch
know

Related Post

 

Ad Unit Settings






Ad Url Settings

 

api-lead-approach
the-amazon-lending-experience
executing-advanced-analytics-do-s-and-don-t
lending-transformation-old-vs-new
data-journey-building-strong-analytical-practices
4-step-iterative-process-building-a-relevant-analytics-practice
significant-measures-towards-new-normal
building-a-strong-analytics-practice-recipe-for-success
data-warehouse-evaluation-and-implementation
explainable-ai-trust-and-transparency
forecasting
top-50-members-using-transactional-website-jun-2020
top-50-cus-with-highest-and-lowest-efficiency-june-2020
importance-of-financial-risk-management
secret-sauce-for-long-term-sustainable-business-intelligence-succ
top-pfm-technologies
secret-sauce-for-long-term-sustainable-business-intelligence-succ
top-pfm-technologies
data-warehouse-and-bi-technologies-opportunities-challenges
top-chatbot-technologies
keys-to-building-an-effective-branch-or-atm-network
top-50-credit-unions-with-highest-and-lowest-accounts-per-member
lowest-and-highest-net-income-per-branch
marketing-holy-grail
top-50-most-and-least-delinquent-credit-unions
modern-marketing-technologies
incremental-low-cost-data-driven-wins
power-of-storytelling
the-cost-of-not-investing-in-data-governance
questions-you-should-ask-before-investing-in-data-warehouse
learnings-from-new-data-based-on-auto-loan-pricing
5-questions-you-need-to-ask-before-investing-in-data-governance
digital-marketing-maturity-models-for-credit-unions
marketing-expense-per-member
top-2-reasons-that-are-holding-credit-unions-back-when-they-are-i
using-data-analytics-to-manage-lending-complexity-while-driving-h
5-reasons-your-credit-union-should-invest-in-data-and-digital-now
top-50-most-and-least-efficient-credit-unions
retail-financial-services-outlook-during-covid-19
use-of-operational-analytics-to-mitigate-the-impact-of-covid-19
top-50-credit-unions-based-on-asset-size
cu-peer-comparison-dashboard
cu-peer-benchmark
all-about-machine-learning-engineering
top-web-design-trends
most-important-social-media-marketing-trends
state-of-digital-marketing-maturing-in-credit-unions
top-kpis-for-email-marketing
data-cloud-and-the-digital-transformation-imperative
digital-trinity-and-you
phases-of-financial-industry
analytics-roundtable-workshop
invitation-to-join-digital-transformation-hub
analytics-in-the-credit-union-business
value-of-member-centricity-and-analytics-in-the-growth-of-cus
all-about-membership-analytics
top-fraud-management-technologies
getting-started-with-your-data-analytics-journey
explore-vizualization-for-credit-unions
investment-in-website-personalization-technologies
data-analytics-supporting-cu-s-first-member-philosophy
loyalty-rewards-and-retention-technologies
member-experience-analytics
channel-analytics-and-its-importance
project-portfolio-management-technologies
investment-in-self-service-data-preparation-technologies
self-service-data-preparation-technologies
new-frontier-in-customer-experience-management
role-of-marketing-analytics-in-credit-unions
important-aspects-of-consumer-lending-analytics
kpis-on-website-analytics
journey-towards-bank-less-banking
investment-in-crm-technologies
top-omni-channel-vendors
conversational-banking-solutions
/top-kpis-for-chief-information-officer
mistakes-to-avoid-when-implementing-a-omnichannel-member
top-things-to-consider-when-building-dashboards
making-digital-marketing-more-agile-through-tag-managers
cecl-solution-providers
mistakes-to-avoid-while-implementing-marketing-automation
p2p-payment-integrated-solutions
kpis-for-social-media-tracking
kpis-for-human-resources-management
investment-in-fintechs-should-or-should-not
top-kpis-for-online-banking
investment-in-marketing-automation-technologies
investment-in-e-signature-technologies-should-or-should-not
tips-and-tricks-to-a-successful-bi-program
kpis-for-credit-card-business
kpis-for-digital-marketing
kpis-for-consumer-lending
hot-topics-for-credit-union-data-leaders
kpis-for-debt-collections
kpis-for-finance
website-personalization-tools
data-integration-technologies
robotic-process-automation-tools
why-data-analytics-initiatives-fail
electronic-signature-softwares
data-governance-tools-for-credit-unions
digital-and-mobile-banking-technologies
report-inconsistencies-are-frustrating
is-your-culture-ready-for-data-analytics
three-big-data-myths
turning-transaction-data-into-a-goldmine-a-becu-case-study
call-for-presentation-for-2019-credit-union-analytics-summit-is-n
top-10-keys-to-successful-data-analytics-practice
credit-union-chooses-accountscore-for-open-banking-transaction-da
how-much-do-you-spend-to-serve-a-customer
marketing-automation-technologies-for-credit-union
alexa-ask-first-abilene-fcu-for-my-balance
dataweb-content-management-technologies-for-credit-unions
efficiency-ratio
web-analytics-technologies
data-warehousing-software-for-banks
customer-experience-software
the-best-kept-secret-for-credit-union-data-analytics
mark-sievewright-on-technology-trends
naveen-jain-on-credit-union-analytics-summit-2018
why-analytics-doesn-t-make-a-difference-by-gary-angel
cuas2018-harnessing-the-right-data
build-a-financial-phone-assistant-for-your-credit-union-in-3-step
2018-culytics-analytics-challenge-winner
update-from-naveen
error-resolution
benefits-of-conversational-apps
who-are-your-most-valuable-members-part-1
how-alexa-can-help-your-credit-union
top-10-kpis-for-measuring-retail-channel-performance
how-much-is-too-much-personalization
top-10-kpis-for-measuring-contact-center-efficiency
pressure-on-margins-for-auto-loans-indirect-auto-loans-declining
best-business-intelligence-technologies-for-credit-unions
establishing-a-thriving-data-analytics-practice-is-a-journey
educational-presentations-from-the-2017-axfi-conference
modelling-alternatives-for-cecl-a-deep-future-analytics-study
data-analytics-use-cases-for-credit-unions-infographic
data-analytics-opportunities-in-credit-union-business
loan-application-analytics-with-cufx
machine-learning-delivers-great-consumer-experiences
deep-insights-of-credit-union-members-data-with-machine-learning
web-analytics-reporting-tips-for-credit-unions
big-data-strategy-roadmap-our-data-journey
webinar-framework-for-member-focused-decision-making
too-many-regulations-hurt-credit-union-members
digital-marketing-automation-solutions
online-banking-boom
transformation-transactions-to-relationships
top-dispute-management-technologies
2020-retail-trends
future-of-artificial-intelligence
2020-culytics-summit-attendee-dashboard
repositioning-the-role-of-marketing
marketing-automation-a-step-towards-marketing-transformation
strategic-agility
using-data-to-navigate-through-the-new-normal
digital-transformation-bcu
highest-and-lowest-new-loan-balances-per-branch-as-of-jun-2020
-new-members-ratio-as-of-june-2020
cus-with-highest-and-lowest-loan-grants-per-member-june-2020
self-service-data-preparation-technologies
highest-and-lowest-marketing-expense-per-member-june-2020
the-amazon-lending-experience
api-lead-approach
4-step-iterative-process-building-a-relevant-analytics-practice
data-journey-building-strong-analytical-practices
post-election-the-cu-outlook
most-and-least-delinquent-credit-unions-sept-2020
leveraging-ach-data-to-produce-real-outcomes
member-engagement-scores-benefits
member-engagement-key-to-serve-the-best
story-of-james-an-intelligence-transformation
executive-kpis-the-pulse-of-the-organization
untangling-member-journey
onboarding-strategy-to-deliver-success
the-importance-of-digital-technologies
top-interactive-financial-calculators
using-artificial-intelligence-to-improve-your-productivity
organizational-transformation-to-drive-growth
multi-year-journey-through-data-transformation
top-50-cus-with-the-highest-and-lowest-member-per-branch
digital-transformation-lessons-through-the-eyes-of-a-ceo
organizational-readiness-for-digital-transformation
ruthless-prioritization-to-do-more-to-learn-more-and-to-earn-more
performance-measures-for-digital-services
analytical-maturity-journey-towards-growth
less-is-more-the-necessity-of-focus-for-strategic-success
solving-the-crm-mrm-puzzle
insights-driven-messaging-member-and-product-onboarding
performance-measures-for-marketing
data-insights-that-drive-member-product-innovation
solving-the-crm-mrm-puzzle
the-agility-flywheel-a-strategy-that-never-goes-out-of-the-way
artificial-intelligence-as-a-playing-field-for-credit-unions
performance-measures-for-call-centers
top-automl-technologies
performance-measures-for-lending
building-business-case-for-data-analytics
driving-innovation-and-change
data-analyze-decide-and-create
digital-readiness-important-steps-to-achieve
digital-readiness-important-steps-to-achieve
enabling-credit-unions-with-ai
culytics-virtual-summit-2022-a-resounding-success
culytics-virtual-summit-2022-day-1
digital-banking-roundtable
digital-marketing-roundtable
transformative-lessons-from-a-chief-digital-officer
data-analytics-roundtable-mar-11
rewind-2022-culytics-day-key-highlights
data-analytics-team-roles
data-warehouse-development
data-analytics-team-size
is-your-data-analytics-program-not-delivering-results
active-deposit-management-for-profitable-growth
data-modeling
maximize-your-success-with-2023-CULytics-summit
biggest-opportunities-for-credit-unions
should-ceos-attend-the-culytics-summit
the-cost-of-a-wrong-decision
biggest-roadblocks-in-becoming-data-driven
a-journey-for-all-organizational-maturity-levels
maximize-your-data-analytics-checkup
navigating-the-data-analytics-landscape
improving-data-literacy
why-credit-union-leaders-should-invest-in-their-teams
why-credit-unions-should-not-invest-in-building-predictive-models
why-should-measure-the-success-of-data-analytics-program
cost-of-choosing-the-wrong-data-analytics-technology-stack
why-data-analytics-strategy-focus-on-supply-and-demand-side
kpis-to-measure-the-success-of-data-analytics-program
data-analytics-for-credit-union-branch-heads
data-organizing-principles
top-data-warehouse-storage-technologies
discover-the-hidden-truth-behind-watermelon-kpis
unveiling-the-hidden-dangers-of-cobra-effect-on-kpis
are-you-accurately-interpreting-your-kpi
unmasking-biases-a-guide-to-data-analysis-and-kpi-definition
uncover-the-power-of-proxy-kpis
unraveling-the-hidden-impact-of-sampling-bias-in-credit-unions
bi-department-structure
hidden-impact-of-confirmation-bias-in-credit-unions
getting-executive-attention-for-your-data-analytics-program
uncovering-biases-in-data-preprocessing
navigating-missing-data-in-credit-unions
navigating-sampling-bias-in-cu
unleash-the-power-of-real-time-data-use-cases
how-confirmation-bias-impacts-cus
breaking-down-selection-bias-in-credit-unions
unmasking-reporting-bias
elevate-your-cu-with-data-analytics-expertise
understanding-and-tackling-volunteer-bias-in-credit-unions
time-period-bias-in-credit-union
overcoming-biases-in-credit-unions
embracing-the-future-fast-future-fundamentals-program-equips-cred
unlock-growth-and-efficiency-credit-unions-guide-to-generative-ai
how-better-data-and-behavioral-biometrics-can-help-credit-unions-
harnessing-the-power-of-data-in-credit-unions
leveraging-third-party-data-a-strategic-guide-for-credit-unions
unlocking-member-insights-how-cus-can-leverage-third-party-data
enhancing-customer-experience-through-third-party-data
third-party-data-integration-techniques-and-technologies
the-future-of-lending-third-party-data-role-in-credit-decisioning
how-third-party-information-shapes-cu-strategies
using-data-to-improve-access-to-credit-for-low-income-members
designing-financial-products-for-low-income-members-using-data
measuring-and-enhancing-the-impact-of-support-programs
data-governance-why-selling-internally-is-important
selling-data-governance-in-your-credit-union
building-a-business-case-and-engaging-stakeholders
creating-a-data-governance-roadmap-and-executing-it
measuring-and-demonstrating-the-impact-of-data-governance
sustaining-momentum-keeping-data-governance-a-priority
overcoming-challenges-in-transaction-data-analysis-credit-unions
empowering-members-through-transaction-data
how-credit-unions-leverage-transaction-data-best-practices
unlocking-financial-independence-the-power-of-transaction-data
the-power-of-transaction-data-enrichment
avoid-financial-reputation-and-member-trust-issues
introduction-to-model-risk-management
week-1-mrm-a-practitioner-s-approach
week-2-guide-to-identifying-and-maintaining-models
survey-insights-navigating-mrm-in-credit-unions
week-3-application-of-mrm-insights-to-sound-model-development-eff
unlocking-the-secrets-to-attracting-gen-y-and-z
creating-a-seamless-member-experience-for-gen-y-and-gen-z
data-analytics-maturity-assessment-report
marketing-to-gen-y-and-z-strategies-that-work-for-credit-unions
the-imperative-of-engaging-millennials-and-gen-z
cu-build-lasting-relationships-with-gen-z-financial-literacy
how-social-responsibility-drives-gen-z-membership
loyalty-programs-that-work-keeping-gen-y-and-z-members-engaged
insights-on-engaging-millennials-and-gen-z-at-credit-union
ai-driven-member-experience
streamlining-operations-with-ai
innovation-and-member-inclusion-in-ai-credit-risk-models
ai-risk-management-enhancing-fraud-detection-and-cybersecurity
how-ai-is-transforming-data-analytics-for-credit-union
overcoming-ai-adoption-challenges-in-credit-unions
the-state-of-ai-in-credit-unions-survey-insights
creating-a-culture-of-innovation
building-the-foundation
closing-the-talent-gap
ensuring-data-readiness
navigating-the-roadblocks-ai-and-data-analytics-in-credit-unions