The Office of the Comptroller of the Currency (OCC) issued the new Model Risk Management booklet of the Comptroller's Handbook for banks. The booklet can be used by OCC examiners in the supervision of national banks, federal savings associations, and federal branches and agencies of foreign banking organizations. The booklet presents the concepts, general principles, and sound practices for model risk management and aligns with the principles laid out in supervisory guidance on Model Risk Management. It also provides information needed to plan and coordinate examinations on model risk management, identify deficient practices, and conduct appropriate follow-up.
In this booklet, OCC has defined eight categories of model risks for bank supervision purposes: credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation. The use of models invariably presents model risk, which is the potential for adverse consequences
from decisions based on incorrect or misused model outputs and reports. Model risk can lead to financial loss, poor business and strategic decision making, or damage to a bank’s reputation. The risks associated with model use can occur at any point during a model’s development,
implementation, use, and validation. As per the supervisory guidance on model risk management, banks should identify the sources of risk and assess the magnitude of these risks. The booklet also addresses how banks should manage third-party risks in model development. OCC notes that third-party risk management weaknesses related to a bank’s use of third parties providing models or related products and services could increase operational risk, particularly when management does not fully understand a third-party model’s capabilities, applicability, and limitations. The booklet also covers weaknesses in internal controls and emphasizes that security weaknesses, including poorly constructed application program interfaces (API) and weaknesses in the controls for the access, transmission, and storage of sensitive customer information, could expose a bank to increased operational risk.
Keywords: Americas, US, Banking, Comptroller Handbook, Community Banks, Third-Party Risk, Operational Risk, Governance, Internal Controls, API, Regtech, Guidance, Model Risk, Artificial Intelligence, OCC
Previous ArticleMAS Updates FAQs on Securities and Futures Regulations
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The European Banking Authority (EBA) recently published a report that recommends enhancements to the Pillar 1 framework, under the prudential rules, to capture environmental and social risks.
As a follow on from its prudential standard on the treatment of crypto-asset exposures, the Basel Committee on Banking Supervision (BCBS) proposed disclosure requirements for crypto-asset exposures of banks.
The Basel Committee on Banking Supervision (BCBS) and the European Banking Authority (EBA) have published results of the Basel III monitoring exercise.
The Prudential Regulation Authority (PRA) recently issued a few regulatory updates for banks, with the updated Basel implementation timelines being the key among them.
The U.S. Department of the Treasury has recently set out the principles for net-zero financing and investment.
The European Commission (EC) launched a stakeholder survey on the draft International Guiding Principles for organizations developing advanced artificial intelligence (AI) systems.
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.