Model Governance
Governance answers the following question: “How do you turn regulatory guidance into consistent, repeatable actions that comply with said guidance?”
For well-written guidance, like SR 11-07, consistency with it can get the firm close to good management and even best practices.
What is Governance?
Firms demonstrate compliance by aligning policies with regulatory guidance, documenting any deviations, ensuring procedures support policies, and maintaining consistent enterprise-wide practices.
While firms may use a single model risk policy, larger organizations often separate development and validation policies. All firms should maintain distinct procedures for development, governance, and validation, with large firms potentially requiring separate procedures for each model type.
We design comprehensive governance frameworks and provide communication, training, and staffing solutions. Though implementing proper model risk governance requires upfront investment, it delivers long-term value through more strategic, efficient development and better, adaptable models at reduced costs.
The Three Branches of Governance
1. Effective Model Risk Management
We can help build all parts of an effective and efficient model risk management program that easily meets supervisory expectations, and do it cost-effectively. We did this twice at CCAR banks that were facing intense regulatory pressure.
However, our best advice is: development and rework are expensive; so, demand solid development that delivers transparent, zero-defect models. Good governance doesn’t generate perfect models. It does generate compliant, transparent, cost-effective models–whether they’re built internally or provided by vendors.
2. Risk Management
Turn what too frequently is mere risk reporting into true risk management that leads to prevention, insurance or contingency actions. From top–e.g., board risk appetite frameworks based upon scenario analyses–to bottom, effective governance means clear communication of strategies and tactics to reduce either the possibility of loss or the anticipated magnitude of loss.
Risk management is crucial to both value creation and value preservation and should be managed as such. It’s easy to grow. Sound risk governance provides intelligent growth.
3. Data Governance
Good data governance is far less bureaucratic than it seems. As developers, we know that if the data set is good enough for modeling, then it’s good enough for every other use. The only question is how to formalize it.
The answer is by matching data suppliers with data demanders, i.e., users, in transparent, formal and efficient ways. Data governance shouldn’t be about satisfying regulatory requirements. It should be about turning facts into reliable and representationally-faithful information, which is a, if not the, source of a firm’s competitive advantage.
Three Common Governance Mistakes
Policies and procedures should satisfy Goldilocks: neither too big nor too small, neither too hard nor too soft. We typically see firms making one of these three mistakes:
1. Over-Simplified
The policies and procedures are too broad and over-simplified.
This makes it difficult to show that actions comply with the guidance because too much is left to interpretation, which leads to confusion.
2. Over-Complicated
The policies and procedures are way too detailed and over-complicated.
This creates too little consistency, which also leads to confusion. It often appears academic, out-of-touch, bureaucratic or irrelevant.
3. Failure to Execute
Failure to execute the policies and procedures that are necessary.
These failures often exist in the governance function itself, particularly in validation. The causes include lack of commitment by executive management, unwillingness of managers to perform responsibilities, and inability of validation staff to perform credible inspections.