Fair Isaac Corporation

07/29/2024 | Press release | Distributed by Public on 07/29/2024 04:24

How to Meet New Model Risk Management Guidelines

Supervisory Statement 1/23 (SS1/23) came into effect on Friday, May 17, 2024 from the Bank of England. It sets out the Prudential Regulation Authority's expectations for banks and their model risk management systems - specifically to ensure accuracy, reliability, and integrity of models.

The statement applies to IRB firms only (internal ratings based under Basel II) but the Bank of England suggests that non-IRB firms may also find the principles useful. This comes as consumer demand for transparency and the removal of bias from AI models is growing rapidly.

The purpose of SS1/23 is to urge financial institutions to strengthen their model risk management policies, procedures, and practices, in order to identify, manage, and control the risks associated with the use of all models across the bank. The principles within the guidance provide a strong benchmark for any firm thinking about the way it manages model risk - not just for UK IRB approved firms, but for any firm with materially impacting processes which have a reliance upon models, regardless of IRB status, industry or region.

What Does Supervisory Statement 1/23 Say?

SS1/23 is principle-based and therefore provides opportunity for varied approaches to allow for differences such as complexity and materiality. However, it is very clear in its definition of a model, which has a broad scope:

"Quantitative method that applies statistical, economic, financial or mathematical theories, techniques and assumptions to process input data into output."

Such a broad scope means that firms should be considering models that may not be immediately obvious as being in scope - such as those used within pricing, provisions and fraud. The focus clearly needs to go way beyond just IRB capital models or those involved in credit risk decisions (e.g., application scores, affordability models and collections scores).

In addition to a broad scope for model types, the guidance also applies across the full model lifecycle and details principles covering:

  • Model identification and risk classification

  • Governance

  • Development, implementation, and use

  • Independent verification

  • Model risk mitigants

Why Is SS1/23 Important?

Due to the broad scope of the supervisory statement, SS1/23 will impact multiple areas within a firm. In particular, principes 3.6 and 4.3 require firms to think about supporting systems and process verification as follows:

Principle 3.6 - Supporting Systems 

Requires models to be implemented into systems or environments that have been thoroughly tested for that purpose and should be subject to rigorous quality control and change processes. Firms should also periodically reassess the suitability of the systems for the model purposes and take appropriate remedial action as needed to ensure suitability.

Principle 4.3 Process Verification 

Requires firm to assess whether the system into which models are implemented enables the model to work as intended. Specifically:

  • Does the input data meet data quality and reliability standards?

  • Are calculations implemented accurately, controlled and auditable?

  • Are the reports, based on model outputs accurate, complete, informative and appropriately designed for the intended use?

What this Statement Means for Firms' Model Risk Management?

These principles, combined with the broad model definition, mean that firms should be thinking about how they operationalize and manage models which may typically be classified as "back office" or "non-customer-impacting" and are therefore often surrounded by manual processes and supported by business teams.

Firms should be asking whether an Excel sheet or coded script executed by an analyst provides the appropriate level of rigor, audit, transparency and reliability for the model's purpose. While often the path of least resistance at initial implementation, these approaches are usually accompanied by higher risk of error and are more likely to have key person dependencies and lower levels of transparency and audit. To align with the guidance provided by the Bank of England, it's crucial for firms to consider the implementation of models which have a material impact on their operations, within a system that allows for proper governance and is supported by rigorous change control processes.

This is where technology can support strong alignment with the Bank of England's guidance. Whilst already commonly used for decision management across the customer lifecycle, this technology can also help mitigate the risks associated with the execution of models, to provide timely, accurate outputs. FICO Platform can support:

  • Automated data processing and transformations with:

  • Batch and real time execution

  • Data quality controls built in

  • Fully audited history of job execution

  • Full change audit of the job process

  • Automated execution of derived characteristics

  • Safe management of model structure, parameters and calculations with:

  • Full audit history of logic

  • Transparency of calculations

  • Bulk testing and record keeping

  • Centralization of key, material models - making model components and outputs sharable, which can support banks in meeting the IRB Use Test

  • Cloud architecture that ensures execution reliability and scalability

  • Reporting, with all input and output data, that supports:

  • Model monitoring

  • Production of intuitive report for regulatory and operational reporting (Pillar 3 disclosures, etc.)

FICO Platform enables all the above to support IRB firms seeking to meet the supervisory statement, as well as non-IRB firms who are interested in adopting a best-practice approach in the management and execution of key models across their business.

How FICO Can Help You Manage Models and Analytics