PRA Consults on Model Risk Management Principles for Banks

The proposed supervisory statement is intended to support firms to strengthen their policies, procedures, and practices to identify, manage, and control risks associated with the use of models, developed in-house or externally, including vendor models, and models used for financial reporting purposes. The proposed statement is structured around five high-level principles designed to cover all elements of the model lifecycle. The principles are designed to complement, not supersede, the existing supervisory expectations that have been published for selected model types. The proposed principles set out what PRA considers to be the core disciplines necessary for a sound model risk management framework to manage model risk effectively across all models and risk types. The principles are intended to complement the existing requirements and supervisory expectations in force on model risk management and include proposals for:

• a proportionate implementation within firms and across firms, in particular for firms that would qualify as a "simpler-regime firm."
• the identification and allocation of responsibility for the overall model risk management framework to the most appropriate Senior Management Function (SMF) holder.
• reporting on the effectiveness of model risk management for financial reporting to the audit committee.
• identifying and managing risks associated with the use of artificial intelligence technology in modeling techniques, such as machine learning, to the extent that it applies to the use of models more generally.

The proposed model risk management principles involve:

• Model identification and model risk classification—Firms have an established definition of a model that sets the scope for model risk management, a model inventory, and a risk-based tiering approach to categorize models to help identify and manage model risk.
• Governance—Firms have strong governance oversight with a board that promotes an model risk management culture, approves the model risk management policy and appoints an accountable individual to assume the responsibility to implement a sound framework that will ensure effective model risk management practices.
• Model development, implementation, and use—Firms have a robust model development process with standards for model design and implementation, model selection, and model performance measurement.
• Independent model validation—Firms have a validation process that provides ongoing, independent, and effective challenge to model development and use.
• Model risk mitigants—Firms have established policies and procedures for the use of model risk mitigants when models are underperforming and have procedures for the independent review of post-model adjustments.

PRA proposed that the implementation date would be set at twelve months, following the publication of the final supervisory statement. The expectation is that, by the implementation date of the policy, all firms applying the proposed principles would have undertaken an initial self-assessment against the proposals and, where necessary, prepared remediation plans to address any identified shortcomings. PRA also proposed that self-assessments should be updated annually thereafter and any remediation plans should be reviewed and updated regularly. Both the findings from the self-assessment and the remediation plans should be documented and shared with firms’ boards in a timely manner. 

Related Links

• Consultation Paper
• Proposed Statement on Modeling Risk (PDF)

Keywords: Europe, UK, Banking, Model Risk Management, Supervisory Statement, Credit Risk, CP6 22, PRA, Market Risk, Insurance, Modeling Risk, Regtech, Basel, Stress Testing, ECL