Co-Authors:
Carolina Biagini - Senior Quantitative Analyst - Kevin D. Oden & Associates
Amul Bhatia - Partner - Kevin D. Oden & Associates
As Credit Unions (CUs) shift into automation, data-driven processes, and Artificial Intelligence (AI) to transform to digital banking, the use and complexity of models utilized will grow rapidly. While these technologies provide immense opportunity, they carry risk as well. Financial institutions should anticipate an expansion of in-scope AI and Machine Learning (ML) applications given regulatory predisposition toward inclusion. The OCC has already claimed that many AI/ML tools should be considered models, and their model risk should be properly managed[1].
Developing a sound, cost-efficient Model Risk Management (MRM) framework appropriately scaled for the institution is a key element of making the gains from increased model use sustainable. The framework discussed below aims to help in that endeavour.
Model Governance
“The real mechanism for corporate governance is the active involvement of the owners.”
- Louis V. Gerstner, Jr.
As SR-11-7 states,
“A strong governance framework provides explicit support and structure to risk management functions through policies defining relevant risk management activities, procedures that implement those policies, allocation of resources, and mechanisms for evaluating whether policies and procedures are being carried out as specified.”
When tasked with building out an MRM program, many CUs find it difficult to know where to start. That is where the notion of a model governance framework comes into play. Once the framework is established, the process of assigning roles and responsibilities (R&R), followed by the development of policies and procedures (P&P), becomes easier. Developing this framework and reviewing it on a regular basis lead to strong, sustainable model governance.
Developing a framework
It is commonly claimed that the extent and sophistication of the governance framework should align with the extent and sophistication of model usage at the institution. But how does a CU go about putting together such a framework? The first step is determining objectives. Next, the CU needs to determine what it takes to achieve those objectives. Finally, the CU needs to assess what it takes to make those achievements sustainable. A concrete example of an MRM framework looks like this:
1. Objectives:
   a. Identify all models used at the CU.
   b. Assess the risks associated with those models.
   c. Assess the institution’s appetite for the current model risk profile.
   d. Manage risk within the institution’s appetite.
2. Plan to achieve objectives:
   a. Develop a model identification process.
   b. Develop a risk assessment process for individual models and in aggregate.
   c. Determine how much model risk the firm is comfortable with.
   d. Develop a plan to reduce or retain risk within the firm’s risk appetite.
3. Plan to make objectives sustainable:
   a. Develop a revision process to ensure objectives are sustainable.
   b. Develop policies regarding R&R in #1, #2 and #3a.
   c. Develop a governance framework to review the execution of the plan, to assess the performance of individuals and groups in relation to P&P, and to make recommendations for refinements.
The CU’s model risk objectives should be placed in a risk appetite statement where the firm’s appetite (and capacity) for model risk is prescribed. Once these objectives are initially set, a governance framework should be developed to achieve those objectives and make them sustainable. As described above, governance is the tool used to ensure the CU achieves and sustains its objectives. This is very similar to how the U.S. Constitution serves to achieve and sustain the objectives of forming “a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defense,” etc.
AI/ML risk management should be integrated into the firm’s broader risk management framework. The oversight of AI/ML models should be consistent with the standards and processes in place for traditional models. Nevertheless, traditional MRM frameworks must be enhanced to incorporate the dynamics and integrated risks associated with AI/ML models. AI/ML models directly obtained from open sources or developed by third parties should be subject to the same MRM standards that apply to internally developed AI/ML models.
Who Is Responsible for Model Risk Management Governance?
MRM and governance can become challenging for many institutions, particularly for smaller CUs with budgetary constraints. Ultimately, it is the responsibility of everyone at the institution – starting with the board of directors, extending to senior management, including business heads that own and use the models, and naturally risk management and audit functions. Each of these stakeholders will have R&R in a properly functioning governance framework. However, the Chief Risk Officer should play a central role in designating someone as the CU’s “Head of Model Risk Management”. That individual (or group) may have additional titles and responsibilities depending on the size of the model inventory and the complexity and risk of the models. In the end, the Head of MRM should ensure that P&P are developed and implemented and that those P&P are effective, efficient, and commensurate with the risk footprint and risk appetite of the institution. We emphasize that the Head of MRM works for the CU as the bottom line is that strong model risk management is not only about P&P but also encompasses revenue retention and, in some cases, revenue enhancement.
A strong governance framework should provide reporting structure, approval authority, dispute resolution, and escalation procedures and set the enterprise model risk profile and tolerances within the stated risk appetite of the board. It is important that the board of directors be the driving force behind a strong MRM governance structure, as the board is ultimately responsible for the success or failure of the firm. As SR-11-7 states:
“As part of their overall responsibilities, a bank’s board and senior management should establish a strong model risk management framework that fits into the broader risk management of the organization. That framework should be grounded in an understanding of model risk – not just for individual models but also in the aggregate. The framework should include standards for model development, implementation, use, and validation.”
Risk Appetite Statement
“The best is the enemy of good.”
- Voltaire
CUs, large and small, should have a risk appetite statement, approved by the board, that lays out the objectives of the MRM program and will, in fact, guide its development and sustainability. It does not have to be perfect at first. The statement will evolve as the CU evolves. Something as simple as the following is a good starting point:
Identify all models utilized or to be used at the CU, assess their risk to the institution and manage these risks within the CU’s appetite. This entails at minimum ensuring that all models are validated prior to first use with limited and time-constrained exceptions; ensuring models are revalidated on a regular basis commensurate with the risk of the models; resolving issues identified in the model validation process in a timely fashion; monitoring the performance of all models and taking prompt corrective action when model performance deteriorates below acceptable thresholds; ensuring models are properly documented and users know the appropriate use of any model they utilize; ensuring model changes are properly managed and reviewed; and ensuring model dependency is understood and properly managed.
This simple risk appetite statement lays out the broad objectives of the MRM program to be developed. The first objective in the example above is the identification of all models utilized at the firm. To do this, the CU’s governance framework must provide a model definition. We will discuss the model definition and identification process in next week’s article, as well as the development and maintenance of the model inventory.
The level of AI/ML risk that is acceptable to institutions is highly contextual as well as application and use-case specific. Risk tolerance can be influenced by policies and norms established by AI/ML system owners, organizations, industries, communities, or policy makers. Additionally, risk appetite is likely to change over time as AI/ML systems, policies, and norms evolve. Hence, the MRM framework should be flexible enough to accommodate risk practices to the applicable law, regulations and use case settings.
Model Risk Reporting
“If you don't know where you are going, you'll end up someplace else.”
- Yogi Berra
Reporting requirements will continue to grow as the board, senior management, clients, investors, and regulators seek to manage their interests related to the CU. Reporting requirements around model risk management are not immune to this trend as the use and complexity of models continue to grow at CUs. When outlining reporting requirements, it is important to focus on the objectives laid out in the MRM framework and how those objectives impact the board. This will naturally lead to individual business/functional line reports as these leaders will need to understand their impact on board-level reporting.
When outlining reporting requirements, we recommend starting by asking (and in turn answering) the following question: What does the board need to know? Though the answer depends on the CU, some core requirements are listed below:
- What are the most important models for the firm?
- Importance should be stratified by risk type.
- The model risk ranking/rating can be utilized to determine importance.
- Under what conditions are the most important models expected to work well and not work well?
- In what circumstances are they likely to break down?
- Collectively, are model outputs credible?
- What “moves the dial” in terms of key assumptions or judgements?
- Are those assumptions and judgments reasonable?
- What are the key dependencies, assumptions and linkages in risk?
- Are all key models dependent on a limited number of factors, or
- Are models essentially independent of inputs and assumptions?
- Is the governance framework working properly?
- Are we adequately monitoring and describing/reporting on the state of model risk?
- Are we quickly identifying gaps in model governance and risk assessment?
- Are we working with business, risk, and audit to provide adequate oversight?
- Are controls maintaining model risk within acceptable bounds (i.e., risk appetite)?
Each of these elements is critical in achieving the CU’s model risk framework objectives and achieving sustainability. The challenge is efficiently organizing the risk into (at least) the “buckets” identified above to reduce complexity and to increase clarity, so board members understand the risk. Starting from this perspective also better aligns business and risk reporting with the information the board receives.
To efficiently digest and utilize this information, most institutions now have a risk committee of the board. This is an oversight committee that guides the risk management practice and objectives of the firm. However, at many smaller institutions, model risk management is new to the board and has not been fully integrated into the board risk committee functions. We next discuss best practice in this regard.
Risk Committees
The risk committee is a management level committee that has a crucial role in any CU, providing critical oversight and guidance to management to execute business within the risk appetite of the firm. Most CUs, large and small, have developed risk committees. However, including model risk management as a responsibility of the risk committee will be new for many smaller institutions. To accomplish this, the risk committee needs to have a member(s) familiar with model risk and its various components as well as the best and current practices in managing that risk. This is a challenge for most small CUs that can be minimized, but not alleviated, with ongoing training and the hiring of a model risk expert (presumably the model risk manager) and her inclusion on the committee. To be effective, the committee members should be representative of both the risk management side and the business side of the CU. There should also be P&P for escalation to the risk committee, which should have ultimate decision-making authority. Examples of model risk issues that could be escalated to the committee are:
- Is the CU using overlays too often for a particular model?
- Is it time to recalibrate or rebuild a model?
- Does the CU have the appropriate number of resources dedicated to model risk oversight?
Conclusion
It is important that CUs start building an effective model risk management program as it takes time to develop a strong risk culture with everyone at the institution understanding and fulfilling their roles appropriately. The framework discussed above aims to help in that endeavour. See you in Week 2!