6/28/17 - FDIC Adopts Fed and OCC Guidance for Managing Model Risk
Home > News & Insights > Insights & Publications

6/28/17 - FDIC Adopts Fed and OCC Guidance for Managing Model Risk

The Federal Deposit Insurance Corp. on June 7 published a financial-institution letter announcing its adoption of the “Supervisory Guidance on Model Risk Management” issued by the Federal Reserve Board and Office of the Comptroller of the Currency in 2011. The guidance sets supervisory expectations for the first, second, and third lines of defense in model risk management, or MRM. Activities addressed include model development, implementation, and use; model validation; and model governance, policies, and controls. The FDIC adopted the guidance to “facilitate consistent model risk-management expectations across the banking agencies and industry,” the letter said. In practice, the FDIC has been applying the guidance for some time to the larger and more complex institutions for which it serves as primary regulator. The formal adoption of the guidance — which covers all FDIC-supervised banks with greater than $1 billion in assets — indicates the FDIC will soon increase its scrutiny of MRM at a broader set of banks.

Supervisory Expectations for MRM

Developed by banking supervisors partly in response to the financial crisis, the guidance promotes a principles-based approach to MRM. It begins by defining “model” and “model risk” and makes clear that model risk should be assessed and managed like any other risk faced by a bank. One of the guiding principles for MRM is “effective challenge,” which involves engaging in critical analysis of models to identify limitations or deficiencies and bring about appropriate changes. The guidance incorporates the important consideration of “materiality” (i.e., that the rigor and extent of risk management activities should depend on the potential impact of the risks associated with any use of models).

The guidance emphasizes the importance of disciplined model development and implementation practices to control model risk. For firms using third-party models, it emphasizes the need for rigorous validation of acquired models. The guidance notes that model developers and users have important roles to play, in ensuring that models are used appropriately and subject to effective challenge and controls. This emphasis on the role of model development and use in MRM marked a break from previous guidance, which focused solely on model validation. Validation — the set of processes and activities that verify models are performing as they should — is still given significant attention in the guidance and in supervisory exams.

The guidance concludes with a discussion of governance, policies, and controls. It covers seven key areas of governance: involvement by the board of directors and senior management, comprehensive policies and procedures, appropriate assignment of roles and responsibilities, internal audit, judicious deployment of external resources, documentation, and maintenance of a comprehensive model inventory.

Industry practices for MRM have significantly evolved in the six years since the Fed and OCC issued the guidance. The guidance articulated many expectations that went beyond the state of practice at most banks when it was released, and U.S. banks have engaged in substantial efforts to enhance their MRM frameworks and practices in response. Significant areas of enhancement include expanded MRM responsibilities for model developers, users, and owners; the development of risk-information systems to support maintenance of model inventory and other MRM activities; the development of specialized staff devoted to model validation and governance; the development of new reporting approaches for model risk and board-level model risk appetite statements; and significant enhancements to the audit function.

Steps for Meeting the MRM Expectations

The guidance states that MRM frameworks and activities should “be commensurate with a bank's risk exposures, its business activities, and the complexity and extent of its model use.” The FDIC’s adoption of the guidance will therefore require different levels of response from different banks. But because the FDIC announcement states that the guidance will apply to FDIC-supervised firms with assets greater than $1 billion, all banks with assets over $1 billion will likely be expected to build suitable MRM frameworks.

FDIC-supervised institutions with more than $1 billion in assets will find it beneficial to review any MRM frameworks and practices already in place and then evaluate them against the requirements of the guidance. Banks can meet the FDIC’s expectations for implementing an MRM program by:

  • Clearly designating an individual with responsibility for MRM
  • Understanding the supervisory definition of a model, and how to distinguish models from other analytical tools
  • Understanding the concept of model risk
  • Creating and maintaining a comprehensive model inventory using a suitable inventory system
  • Developing MRM framework documents, including a model-risk policy and implementing procedures that include — at a minimum — procedures for model development, model validation, and model inventory
  • Developing tools to support the MRM framework, including a tool for model risk rating and templates for model development and validation documentation
  • Developing and implementing a plan to bring existing models into compliance with the new MRM framework by remediating any gaps in model documentation and validation

Developing an effective MRM program requires time, and banks that adopt a thoughtful, staged approach will help ensure successful implementation. Firms can begin by performing detailed self-assessments and formulating risk-based remediation plans to close any gaps in their MRM frameworks.

How Promontory Can Help

Promontory, an IBM Company, offers a unique combination of experience, expertise, and tools to help financial institutions meet FDIC expectations for MRM. Promontory has worked with financial institutions of all sizes and types to meet the supervisory expectations. We can develop an MRM program that is appropriately calibrated to meet supervisory expectations for your bank. Promontory’s experts have:

  • Assisted financial institutions across multiple regulatory jurisdictions in developing model risk frameworks
  • Created and led modeling and MRM functions in practice at financial institutions
  • Developed models to meet supervisory expectations
  • Validated complex financial risk models and large suites of models
  • Remediated documentation for large complex model suites, as well as for smaller and simpler sets of models
  • Developed and applied the guidance as bank supervisors and model examiners

Promontory draws on its deep expertise to help clients develop and implement fully functioning and compliant MRM programs, or provide support on any of the components required.

We assist clients with:

  • Development and implementation of MRM policies and procedures appropriate to a bank’s size and complexity
  • Communication strategies to enhance effectiveness and assure long-term compliance
  • Stakeholder training, either firmwide or for specific functions such as the head of MRM, model validators, model developers, model users, senior management, and board members
  • Initial model-inventory development and associated training
  • Design of a simple model inventory or full-featured MRM support systems
  • Development of methodologies for model risk rating
  • Development of supporting tools, including templates for model documentation and validation
  • Remediation of models, including supplementary testing and/or documentation
  • Validation of all or a portion of the model inventory

Contact Us

Nicholas Kiritz
Director and Lead Expert for Model Risk Management
+1 202 370 0401

William Lang
Managing Director
+1 212 542 6790

Erik Larson
Managing Director and Global Head for Quantitative Methodologies and Analytics
+1 202 384 1200

Mark Levonian
Managing Director and Global Head for Enterprise Economics and Risk Analysis
+1 415 986 4160

Miles Ravitz
+1 212 542 6787