Reduce Culture Risk with ValidMind
In our previous article Honor the Human with ValidMind, we introduced the idea that good automation elevates human oversight over models by bridging the gap between model and developer. But model development is only the first stage of the multi-faceted model lifecycle, a complex interplay between various model risk management (MRM) teams, business units, and stakeholders with often competing requirements and resources.
Accurate, thorough — and yes, efficient and easily maintained — documentation builds a powerful foundation for the rest of the model lifecycle. However, effective management of model risks, defined simply as the possibility of loss or damages due to limitations or misuse of models, can only be achieved with greater cooperation between all the different players involved.
Long before the alacritous ascent of artificial intelligence (AI), technology has been used not only to enhance the workflow of the individual but to create incredible opportunities for collaboration. From the first telegraph connecting Europe and North America in 1858, to the email innovation of the 1960s, to the instant messaging craze of the mid 1990s and beyond — humans have been creating and relying on tools to connect us. In our current fast-paced age of video conferencing and remote work, where teams may be scattered across the globe, clarity in communication is more important than ever.
Governance over governance
As a model moves from development to validation, approval, and then implementation, information changes hands and objectives shift. While the duties and expertise of the parties responsible for each step of the model lifecycle differ at a granular level, they share a common high-level goal — model risk reduction.
The three lines of defense, a structured approach to MRM that divides jurisdiction of the model lifecycle into discrete conceptual functions and teams, aims to reduce model risk by clearly delineating tasks and accountabilities:
- First line of defense: Model developers, who ensure that models are accurate, robust, and fit for purpose.
- Second line of defense: Model validators, who independent from model developers provide oversight via governance frameworks, ensuring that MRM principles and guidelines are followed.
- Third line of defense: Auditors, independent from both model developers and validators, who are responsible for a comprehensive review of the MRM processes and controls implemented by the first and second lines.
In an ideal world, these three lines of defense are able to collaborate seamlessly to demonstrate conscientious understanding of model uncertainties and how they can be accounted for. Furthermore, processes and controls defining expectations for each part of the model lifecycle need to be proportionate to the complexity of each model’s usage, meaning that resources need to be allotted for administration of the governance itself.
A competent MRM framework not only correctly reflects model risk appetite, or the amount and type of risk an institution is willing to take, but also outlines the process and requirements to assess, manage, and report on model risks throughout the entire lifecycle on top of adhering to current regulatory guidance.
Effective challenge should be effective
An often overlooked element of model risk is something Juan Martinez, a Machine Learning Engineer at ValidMind, aptly calls a kind of culture risk: a mismatch of expectations, processes, and mindsets between the three lines of defense. When we consider that a guiding principle of strong MRM is a well managed effective challenge process, reducing culture risk becomes a paramount task.
With each change in guard during the model lifecycle, culture risk is amplified. Most of us are familiar with the game of “telephone,” where a message becomes comically distorted as it is passed along from one person to another, becoming nigh unrecognizable by the end. A veritable poster child of the philosophy behind epistemic reliability, which poses questions about how faithful information may be depending on the trustworthiness of the processes, methods, or systems through which we acquire it, and oft an allegory for the inherently erratic nature of communication.
Herein lies our paradox: effective challenge is key to reducing model risk, but the exercise itself is especially susceptible to culture risk, as it relies on input from independent stakeholders. It also necessitates the transfer of information between parties — information that should be credible and comprehensive. While there are no perfect solutions, teams can minimize the chance of miscommunication by reducing the frequency that information is transformed as it is transmitted, and by ensuring that processes accommodate for a margin of error.
Process protects people
The deadliest flight disaster to date mars Tenerife’s sandy cerulean shores: in the spring of 1977 an imperfect maelstrom of meteorological mayhem, human misconception, and procedural mishap changed the way the world perceived protocol, communication, and risk management. From the ashes of this tragedy arose the implementation of standardized communication in high risk industries such as aviation and healthcare, improvements to infrastructure and regulation with a focus on proactive risk identification, and most revolutionary of all — a cultural shift in how we regard error and accountability. Failure is a feature, and flexible processes insulate people from the fallout.
In finance, lives may not be at stake, but livelihoods are; the list of capital catastrophes in this century alone reinforce the need for stronger governance and regulation, more sophisticated risk management systems, and greater transparency. Policies like SR 11-7 authored by the American Board of Governors of the Federal Reserve, the Bank of England’s SS1/23, Guideline-E23 from the Canadian Office of the Superintendent of Financial Institutions, to name a few — all aim to serve as lodestars for financial institutions. These regulations provide strategies and instruction on how to properly manage model risk. Furthermore, the landscape of model risk is changing rapidly, as quickly as large language models (LLM) have metamorphosized since their introduction in 2018, leading to AI-specific directives such as the European Union’s Artificial Intelligence Act that came into effect this last August.
No matter the model or use case, embedding objective measures and metrics into the MRM process is essential to successful effective challenge and, in turn, to reducing culture risk; organizations require well-rounded tools to assist them with evaluating progress in clear and quantifiable ways.
A united defense
Imagine a tool purpose-built for model developers that automates the model documentation process and streamlines production, allowing developers to create accurate and robust models with comprehensive supporting documentation in record time. Now, visualize a tool purpose-built for model validators used to effectively challenge models and assess compliance with regulatory requirements, empowering validators with detailed findings, clear evidence, and unambiguous documentation and guidelines. Finally, design a tool purpose-built for auditors, who can review the entire MRM process and established controls via customizable reporting and an exhaustive and centralized model inventory.
The ValidMind AI risk platform encompasses all these requirements into one interconnected suite of tools, allowing organizations to effectively assess, manage, and report on model risks throughout every step of the model lifecycle in accordance with regulatory guidance as a cohesive unit. Extensible and customizable, with real-time collaborative features enabling developers, validators, auditors — and even external stakeholders — to share and review documentation, test results, findings, analytics, and more with ease and transparency, ValidMind is a solution purpose-built for model risk management. With fully configurable workflow functionality allowing teams to design governance protocols proportionate to the complexity of each model, and intuitive LLM resources including test interpretation, qualitative checks, risk assessments, and beyond, ValidMind unites the distinct processes of the three lines of defense in pursuit of minimizing model risk.
ValidMind connects model risk management teams, allowing them to test, document, validate, and govern any model in tandem with speed and confidence. Learn how to seamlessly integrate ValidMind with your existing tech stack and streamline compliance today by scheduling a demo.