Typically firms make one of these three mistakes –

1. The policies and procedures are 
too broad and over-simplified.

2. The policies and procedures are 
way too detailed and over-complicated.

3. Failure to execute the policies 
and procedures that are necessary.

First and Second are the extremes of the policies and procedures spectrum.  Either case makes it difficult to show that actions comply with the guidance. First, because too much is left to interpretation, which leads to confusion, and, second, because there is too little consistency, which leads to confusion, too.

Frequently, the former comes off as simplistic whereas the latter appears academic, out-of-touch, bureaucratic or irrelevant. (Kind of like counting the number of model risk angels that can fit on the head of a pin.) Policies and procedures should satisfy Goldilocks: neither too big or too small, too hard or too soft.

The third type of governance mistake is the failure to execute (what may otherwise be) sound policies and procedures. Frequently these failures exist in the governance function itself, particularly in validation. The causes of this type of failure include: (i) a lack of commitment by executive management; (ii) the unwillingness of governance and validation managers to perform their responsibilities per the governance framework; and (iii) the inability of the validation staff to perform credible inspections.

Our Advantage

We can write each component of an overall governance framework and help solve all types of problems through well-designed communication, training, and staffing services. While building and implementing an appropriate model risk governance framework may seem expensive, it is important to realize that it is a long-term investment that will lead to better strategic and operating decisions through both more effective and efficient model development: better, more adaptable models at lower costs.