Model Risk Management: Evolution, Landscape, and What’s at Stake

Models deploy into more and more areas of business operations in Finance, Healthcare, Retail, and many other industries bringing benefits to these institutions but also exposing them to greater operational, reputational, and regulatory risks. This is especially true in the Financial Services and Insurance industries, where negative model outcomes can have disastrous consequences on customers’ lives. And with the increased adoption of Machine Learning/AI models, which often involve much more complex, “black box” models, the stakes are higher than ever. Institutions need trusted and robust ways to evaluate and manage model risks.

Model Risks: what they are, why they matter 

Algorithmic models are used in Financial services to drive increased revenues, boost operational efficiency, and deliver improved customer experience and value for the customer. However, when models go wrong, the consequences can be disastrous for the institution and its customers. “Model Risk” refers to the potential for a model to have adverse consequences due to incorrect or misused model outputs and reports. Model Risk occurs for broadly two reasons: 

• A model may produce inaccurate outputs due to fundamental errors in the underlying implementation of the model.
• A model may be misused against the intended business use case and due to its underlying assumptions and limitations may cause inaccurate outputs.

Both reasons for model risks may lead to financial loss, customer harm, and reputational damage, as illustrated in the following two recent models: 

• In 2010, a rogue trader in the UK caused the New York Stock Exchange and US Dow Jones to crash more than 6% and wipe out $1T of value after modifying a trading algorithm to mislead the market. 
• In 2020, Facebook had to issue a public apology after discovering that its algorithm mistakenly disabled advertisements on its platform for small and struggling businesses worldwide.

These issues highlight why financial institutions must have robust and effective tools to manage and mitigate the risks associated with models.

The evolution of Model Risk Management in the Financial Services industry

Before the 2008 financial crisis: model risk management in the financial services industry was driven by “best practices” from modelers. After the 2008 financial crisis exposed the disastrous limitations of that approach, regulators worldwide started issuing specific rules to govern model risk management in the industry.

In the United States, the Federal Reserve Board (FRB) and Office of the Comptroller of the Currency (OCC) issued joint guidance in 2011 on Model Risk Management (SR11-7 and OCC 2011-12), targeting large financial institutions. In 2017, the Federal Deposit and Insurance Commission (FDIC) expanded the same guidance to cover all banks and credit unions with more than $1B in assets. 

Similar guidance has also been issued by regulators globally. In 2017, the Canadian Office of the Superintendent of Financial Institutions (OFSI) adopted the E-23 guidelines, a set of model risk management policies and procedures largely aligned with the SR11-7 standard. Regulators in the European Union (European Banking Authority, European Central Bank), UK (Prudential Regulation Authority), and Singapore (Monetary Authority of Singapore) have also issued guidelines to help govern model risk management efforts at Financial Institutions. 

More recently, Machine Learning and AI models have come under scrutiny due to the exponential risks they may present. Regulators worry about the ability to explain the decisions of “black box” AI models and the challenge of governing the behavior of AI models, which may update dynamically based on the data they are exposed to, leading to increased pressure on the teams tasked with controlling Model Risk. Regulatory initiatives such as NIST’s AI Risk Management Framework, NYC’s AI Hiring law, and the European Union’s Artificial Intelligence Act promise to increase the pressure on organizations (across Financial Services and other industries) to provide robust, transparent technical documentation and validation of their AI models. 

Why Model Risk Management is at a breaking point today 

Starting in 2011, large institutions invested millions of dollars building out MRM and model validation teams and processes (known as ”2nd line” teams in operating lingo), as well as corresponding audit and executive oversight functions (known as “3rd line”) to comply with the regulatory guidelines. Since the FDIC mandate in 2017, the smaller and regional banks and credit unions have also had to undergo the same investment with much more limited resources.

The technology available to manage the MRM workflow and activities has until now been largely limited to Sharepoint, document management, and homegrown tools. Moreover, due to the requirement to keep MRM teams “independent” from model developers, operational and reporting silos were erected between MRM teams and model development teams, limiting information sharing. As a result, traditional model risk management activities have remained manual, time-consuming, and prone to errors. In recent years, the number of models used across institutions has risen steadily (up to 25% per year according to the consultancy McKinsey) while the use of Big Data and advanced analytical methods have made models larger and more complex, putting additional pressure on the bandwidth of model validation teams. Because of the reliance on manual processes and the lack of efficient automation solutions, these teams struggle to address the increased demand for validation and scrutiny of models.

ValidMind asked practitioners at several institutions; a 6-24 week delay for approval from the MRM team to deploy a model to production is a common occurrence, not to mention the potential project backlog before a model validator even gets a chance to look at a project. 

In a survey done by the ValidMind team in collaboration with DeepLearning.ai, “Getting models approved by Model Validation / Compliance” was seen as the most challenging task for data science & modeling professionals working in financial services.

“On a scale of 1 to 5, how challenging do you find the following AI/ML lifecycle-related activities within your organization?” – Average Score responses. 

(Survey of N=20 data science & analytics professionals in Financial Services, August 2021). 

Unfortunately, these challenges with scaling model validation activities hinder an organization’s ability to increase the speed of innovation, quickly deploy models in production, and realize desired business outcomes.

Using technology to power up Model Risk Management functions

To scale efficiently and address the increased demand for transparency and trust in models, model validation/MRM teams need better automation and workflow management tools. Here, agile and automation approaches used in the software development world to embed and accelerate testing & QA into the development lifecycle provide guiding principles that can help financial institutions:

• Leverage technology to automate the most repetitive tasks in the model validation process (e.g. documenting the results of systematic quantitative tests such as data quality tests) and to create more consistency in the way models are evaluated.  
• Embed validation and documentation activities into the model development process (instead of after a model is developed) by providing model validation and model development teams tools to collaborate more efficiently to reduce slowdowns and bottlenecks generated by bureaucracy and communication silos.
• Enforce better documentation standards to systematically record and document model assumptions, weaknesses, limitations, and the trail of decisions and stakeholders involved in developing/approving/deploying a model. This ensures accountability and that all stakeholders’ questions are answered when a model is ready to be approved to move into production.

At ValidMind, we apply those principles to build our technology to help institutions reimagine and boost their MRM activities. Our platform automates the model documentation and validation process and enables efficient information sharing between model developers and model validators.  For more information on how ValidMind can help your organization please visit our website – https://validmind.ai

Author: Mehdi Esmail, © Copyright 2022 ValidMind Inc.

This post was previously published on LinkedIn.