Quantification and management of model risks against the backdrop of current regulatory requirements

Initial situation and current issues

An increasing number and importance as well as simultaneously a growing complexity of models can be observed in bank management. Despite even more regulatory requirements, however, there is no common market standard for the exact definition and management of model risks in the European area.

Apart from the lacking market standard, “silo mentalities” often prevail in the management of model risks in the different areas of banks, i.e. valuation models and risk models are examined in different organizational units. A defined standardized concept and framework for the simultaneous treatment of model risks arising from valuation models as well as from risk models in order to prevent a double measurement of model risk on risk bearing capacity side and risk side in the ICAAP.

Due to the increased regulatory requirements and the lacking market standard for managing model risks, specific questions arise from bank perspective:

• How can the handling of model risk be integrated in the bank’s processes?
• How can model risks be defined, recognized and measured?
• How can regulatory findings related to model risks be avoided?

Fields of application and regulatory requirements for the model risk

A number of different facets have to be considered for model risks. In addition to the model reserves and valuation adjustments required in accounting due to model weaknesses and unobservable parameters, different fields of application result in risk control. Both the regulatory pillar I capital requirements for model risks from internal models and the pillar II capital buffers defined within the ICAAP for identifying the risk coverage capital have to be considered.

The regulatory requirements are enshrined in national and international requirements and laws (see Figure 1).

Figure 1: Regulatory requirements for model risks

First, not yet specific statements are made in the MaRisk (German regulatory requirements) and CRR / CRD indicating instructions for analyzing and measuring model risks.

These requirements are deepened by means of a direct link of model deficiencies and capital requirements for risk backing within ICAAP in the SREP guidelines (EBA: “Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP)”, 2014).

Due to the explicit instruction for measuring model risks and considering these risks during the analysis of regulatory capital by means of valuation adjustments, the identification of model risks of valuation models is required in the EBA publications on “prudent valuation” (EBA: “Regulatory Technical Standards on Prudent Valuation”, 2014).

Understanding the “model risk” term in compliance with supervision is of high importance within this context. A comprehensive definition of the term is provided in the CRD. Here, “[…] a ‘model risk’ means the potential loss an institution may incur, as a consequence of decisions that could be principally based on the output of internal models, due to errors in the development, implementation or use of such models” (article 3, paragraph 1, number 11 of CRD IV).

Contrary to European regulations, comprehensive statements on model risk are made in American laws defining a framework for dealing with model risks (Board of Governors of the Federal Reserve System and Office of the Comptroller of the Currency: “Supervisory Guidance on Model Risk Management”, 2011). These requirements don’t actually represent European law, but provide a possible outlook what detailed general instructions in regulatory issues can look like.

Implications: Establishing a model risk framework

Different implications and fields of action ensue from the regulatory basics where the integration of a comprehensive model risk framework in existing processes and the organization of the bank represents a relevant possible solution.

The model risk framework is to be embedded in the general risk management framework of the bank and has to especially contain the central requirements for governance and policies, quantification methods, roles and responsibilities, documentations and corresponding processes (see Figure 2).

Figure 2: Model risk framework

In the model risk framework, banks have to implement and define their governance for the model risk within policies—be it in a central “model risk policy” or by integrating selected contents in the already existing policy structure. Within this context, the model risk policy and the contents related to the model risk are to comprise guidelines for dealing with model risks and requirements for analyzing these risks. The specification of managing and monitoring model risk management processes as well as standardized definitions of the model and model risk are only a few examples.

The model risk framework also contains the specification of quantification methods. In addition to methods for qualitatively estimating the model risk, also procedures such as scenario or sensitivity analyses and confidence level calculations are defined.

Corresponding roles and responsibilities are to be designated in the framework. A model risk management function has to be established and the responsibilities for the different phases of a model have to be determined (model developer, owner, tester, user, approver).

Apart from the definition of relevant guidelines for dealing with model risks in governance, the quantification methods and the setup of roles and responsibilities, related documentations in the model risk framework are to be established. Amongst them are, for example, a documentation of the model (risk) inventory or documentations of model descriptions and user manuals of the models.

Relevant processes for analyzing model risks have to be set up in the model risk framework and the consideration of model risk-specific perspectives in relevant process steps has to be ensured. Suitable quantification methods are to be developed within the processes and the model risk-relevant aspects are to be taken into account in the relevant process steps of the model life cycle.

Analyzing model risks based on the model risk framework

Based on the elements enshrined in the framework, the analysis and assessment of model risks required by regulations can be carried out. The annual model (risk) inventory is an integral part of the model risk quantification in which the models used are typified by means of a qualitative categorization. It is made in the form of an examination of significance of each model with the help of a classification in three dimensions

• Model complexity and model assumptions
• Influence of model results on decisions
• Economic consequences of model results

This categorization indicates the significance of valuation and risk models resulting in different requirements regarding the analysis and quantification of model risks as well as a possible setup and provision of capital buffers or model reserves (see Figure 3).

Figure 3: Procedure of analyzing model risks

It is differentiated between models with insignificant model risks (1), models with potential model risks (2) and models with significant model risks (3). Irrespective of the estimation of the model by means of the typification, an annual examination of significance, i.e. a re-categorization is to be conducted for defining the further procedure accordingly.

In case of models with potential or significant model risks (categorization (2) or (3), further need for actions arises with regard to analyzing model risks in addition to an at least annual, comprehensive model validation.

The qualitative analysis of the model risks and the corresponding risk sources (e.g. imprecise model assumptions, incorrect model implementation, etc.) can be made by means of analysis catalogs, i.e. standardized questionnaires for qualitative estimates of the model components. The sources of the model risk are examined and categorized within this context by their potential risk contribution.

After the qualitative categorization, the model risks can be quantified based on their causes. This quantification can either be made with the help of scenario or sensitivity analyses, benchmarking or by using different confidence levels in corresponding calculations. Apart from the quantification of model risks, also strategies for risk mitigation (e.g. additional validation requirements) can be developed.

Model risks can be integrated for risk models by establishing risk premiums (capital buffer) or directly by means of a conservative model parameterization which will lead to an increase of the regulatory and economic risk capital need. This permanent capital strain due to capital costs leads to an indirect charge of the bank performance.

Model risks are either integrated through model value adjustments / model reserves in case of valuation models or directly through conservative valuation procedures. The valuation adjustments have an immediately equity and P&L effect in case of business transactions. In the course of business, a write-up can often be observed through reserve reduction. This leads to a temporary equity and direct result implications.

Conclusion / prospects

Due to the increased regulatory requirements and a rising influence and use of models in bank management, model risks are to be managed with the same demand as “traditional” risk types. Since the model risk does not adhere to these “traditional” risk types, i.e. can be observed beyond all risk types, a special framework across all risk types and all valuation and risk models has to be established and harmonized with the existing framework. Therefore, a close, cross-divisional cooperation in the banks, in particular from risk control and accounting, is necessary.

In order to define a compliant and consistent use of the model risk, in particular a typification and qualitative analysis of bank-internal used models is decisive. Additional activities for using model risks in the risk inventory ensue and possible decisions on the provision of capital buffers and model reserves can be derived. Increased requirements especially result for the validation activities and results of banks, since in future capital buffers and model reserves can be prevented in IFRS, ICAAP and CRR through additional stress tests, simulation calculations and an adequate risk controlling.

Thus, both regulatory findings and possible double backing of model risks can be avoided and bank-internal, standardized views on the model risks or risk and valuation models can be established.