Modelling perfection?

The Prudential Regulation Authority (PRA) has released draft Principles about the governance of models that are widely used in banks to assess risk and support business decisions.

UK Finance has responded to the PRA’s Consultation Paper 6/22 on model risk management. This builds on the September 2021 letter from the regulator which expressed expectations that firms should improve their models control environment.

This Consultation Paper (CP), which builds on the US Federal Reserve’s 2011 SR 11-7, proposes five principles for good model risk management. These cover:

  • Model identification and model risk classification
  • Governance
  • Model development, implementation and use
  • Independent model validation
  • Model risk mitigants

We agreed that these were the right Principles and with the PRA’s expectation that they should be implemented proportionately.

However, we were concerned that elements of the draft supervisory statement are expressed in an overly prescriptive way, particularly in relation to the requirement for the board to, in our view, ‘over-engage’ with the model oversight process.

We suggested instead that this should be explicitly delegated to an executive holding a Senior Management Function under the individual accountability regime, perhaps the chief risk officer, but subject to challenge from the appropriate Board sub-committee.

The proposed Principles will apply to all types of models used by PRA-regulated firms, large and small, not just conventional credit risk models. Models that support pricing decisions, anti-money laundering, climate risk analysis and regulatory reporting all appear to be in scope.

Furthermore, the question of ‘what is a model’ appears to be quite widely drawn. We suggested that the PRA should clarify that that complex unambiguous or deterministic quantitative methods are not automatically classified as models.

So non-model tools used by for instance complex spreadsheets, virtually all IT systems and banking infrastructure, end user computer applications as well as all calculations contributing to the financial accounts should not be subject to the principles.

Models deploying artificial intelligence (AI) and machine learning (ML) are particularly identified as requiring oversight as these new techniques become more prevalent.

An unintended consequence of an overly broad model definition could be that firms end up using fewer models, particularly on lower margin portfolios, or even dropping their deployment completely.

In addition, we commented that while broadly supporting the PRA’s proposals, given that models are most widely used by internationally active banks the PRA should encourage the Basel Committee on Banking Supervision to develop globally applicable model governance standards in due course.   

All firms will have to undertake a gap analysis against the rules within 12 months of the publication of the finalised Supervisory Statement. This will have to be updated annually. We expressed concern that some less large firms that do not currently use models for capital calculation purposes will find this more difficult. This is especially if they require third party support, which we expect to be scarce. Firms should take heed of this potentially onerous requirement, and plan to undertake the work they anticipate arising from this CP sooner rather than later.