What Does the Guidance on Model Governance Say? A Closer Look at the New Supervisory Guidance from OCC/FRB

In a recent post, "New Supervisory Guidance for Model Governance," I considered the lack of guidance specific to model governance by OMB and FASAB and how federal risk managers are instead turning to supervisory guidance. In the wake of the financial crisis, the Office of the Comptroller of the Currency (OCC) , Federal Reserve Board (FRB), and Federal Housing Finance Agency (FHFA) released new guidance for regulated financial institutions and FHFA’s “regulated entities.” Each document can be interpreted and tailored to federal risk managers as they govern their models.

In this post, I will take a closer look at the new supervisory guidance from OCC/FRB and FHFA and offer a deeper dive into governance framework issues.

FRB SR Letter 11-7 & OCC Bulletin 2011-12

Following a series model validation guidelines, OCC and FRB jointly refreshed their guidance (adopted as OCC Bulletin 2011-12 and FRB SR 11-7) to broaden the scope of model risk management from model validation to include model development, implementation, use, governance, and control structure.

This guidance requires financial institutions to identify the sources of model risk, assess its magnitude, and establish a framework to manage it. The guidance addresses three elements, summarized below. I take a deeper dive into the last one, governance framework:

1. Model development, implementation, and use emphasizes early state development and technical expert involvement throughout the process. This element of model governance requires rigorous assessment of data quality and thorough documentation.

2. Model validation is a set of processes/activities intended to verify that models are performing as expected, and that potential limitations and assumptions are identified and possible impact assessed. All model components, whether developed in house or purchased through vendors, should be independently validated.

3. Governance framework places an emphasis on management oversight, delegation authority, and effective policies and procedures governing the model-risk management program. This is where the guidance has the greatest relevance to federal risk managers.

Deeper Dive into Governance Framework

When addressing the final item, governance framework, there are number of specific issues to consider:

• Senior management should: establish a strong model risk management framework; establish policies and procedures; ensure compliance; assignment of competent staff; oversee model development and implementation evaluate model results; ensure effective challenge; review validation and internal audit findings; and take prompt remedial action when necessary.
• Policies and procedures should govern all aspects of model risk management, including: model risk definitions; assessment of model risk; acceptable practices for model development, implementation, use; appropriate model validation activities; and governance and controls.
• Roles and responsibilities of the model owner and business unit should be clearly defined, with reporting lines and incentives clearly defined.
• Internal audit processes should assess the overall effectiveness of the model management framework and report any findings directly to senior management. Internal audits should also verify that acceptable policies are in place and that model owners and controls groups comply with those policies. These processes will ensure that model validation is conducted properly and appropriate effective challenge is carried out.
• External resources may conduct activities such as model validation in support of internal audit.
• Comprehensive model inventory should be maintained to include: the model’s purpose and products; type and source of inputs used and underlying components; model outputs and intended use; model’s operating status; individuals responsible for various aspects of the model development; and validation and dates completed and planned validation activities.
• Documentation should be sufficiently detailed such that parties unfamiliar with a model can understand how the model operates, as well as its limitations and key assumptions. Successful documentation should also provide for continuity of operations, transparency of policy compliance, and tracking recommendations, responses, and exceptions.

This comprehensive supervisory guidance can be applied in the federal space. However, federal risk managers should customize their model risk management framework based on the extent and complexity of model use and their level of risk exposure.

In our next blog, we will be discussing guidance on risk model governance from Federal Housing Finance Agency (FHFA) Advisory Bulletin (AB) 2013-07. In the meantime, check out Summit's past posts about federal credit.