Model risk management: Emerging regulations and gold standards

Executive Summary:

Over the last ten years, there has been significant traction and consultation in the industry to adjust the risk operating structures and processes towards better model risk management (MRM). There are regulatory guidance in the form of US Fed’s SR11-7, ECB’s TRIM and in the UK, the PRA recently released its final policy PS6/23 and Supervisory Statement SS1/23 on model risk management addressing the feedback received on last year’s consultation paper CP6/22. While there are learning opportunities and improvement areas for banks through these guidance, there is also a need to comprehensively understand these and define actions in simple, pragmatic and practical terms.

To structure the ‘MRM challenge’ and summarize key takeaways from the regulations, we have first identified key categories (backbone categories as we define them). Then we have juxtaposed prominent global guidance related to MRM (SR11-7, TRIM and PS6/23 (SS1/23)) across these categories to help define ‘minimum regulation’ and ‘industry-best’ practices.

Additionally, we also provide pointed recommendations on how the risk managers can successfully incorporate changes to their MRM framework in a structured way using the specified backbone categories:

  • Right-sizing model definition and tiering: With expanded use of deterministic quantitative methods and inconsistently defined parameters (relating to model definition), segregating models from non-models is becoming ambiguous. Another aspect is to evaluate model risk tiers, which helps prioritize risk management activities that carry significant risk.
  • Identifying relevant model risks and setting benchmarks across the model lifecycle: Regulatory guidelines on Model Risk emphasize on risks arising due to model inherent inaccuracies or incorrect use of models. But these need to be contextualized to model lifecycle to achieve actionable outcomes.
  • Tracking of post model adjustments (PMAs): Banks are increasingly deploying post-model adjustments (PMAs) and post model overlays (PMOs) to address input and model output limitations. Thus, assessment of the continued relevance and applicability of PMAs and PMOs has become increasingly important.
  • Enabling effective oversight from board: The Board should regularly receive reports on the bank’s model risk profile against its model risk appetite. To exercise effective oversight, boards will need pointed insights as well as steering committees which can help provide the right level of confidence to the board.
  • MRM agility and fitness to business requirements: Regulatory guidance is directional at best, and each bank needs to define and revisit its own MRM standards based on not just portfolio size /growth but also the impact and risks it carries with its use of data-driven decisions.


If you have any questions or would like to discuss the issues raised in the reports in more detail, please contact us.

EXL Contributors:

Manish Dureja - Vice President, Banking Analytics

Vibhu Tomar - Senior Manager, Risk Modelling