Updated: Dec 10, 2019
Model risk management regulation in the US and Europe – fake twins
The regulation surrounding MRM in the US is different to the one in Europe, and we believe some of those differences are directly linked to some of the challenges financial institutions face on a day to day management of model risk.
But what exactly are those differences and what challenges do they bring to institutions? And more importantly, what opportunities lie ahead and how can banks become more resilient in this time of constant regulatory change?
MRM in the US was first formalised in 2011 by the Federal Reserve Board (FRB) in conjunction with the Office of the Comptroller of the Currency (OCC) through the Supervisory Guidance on Model Risk Management (SR 11-7).
In Europe, in particular in the European Union (EU), the landscape is a lot more diverse. The foundation was laid out on the Capital Adequacy Directive (CAD) in 2006 following the adoption of Basel II in 2004. Subsequent guidance in Europe was produced by the European Banking Authority (EBA) – the Regulatory Technical Standard (RTS) on the assessment methodology for IRB models – and the European Central Bank (ECB) – the Target Review of the Internal Model (TRIM) guide.
Institutions with a presence in both geographies have challenges in dealing with both regulatory landscapes.
One common issue is the existence of different MRM policies – usually a Global policy and multiple regional policies that may not always be consistent. Having to manage different teams in different jurisdictions with different / mixed reporting lines and with different skill sets complicates things further.
Another common issue is the existence of global models used in the context of multiple geographies. While model development should incorporate geographic factors, it is not always possible to do it effectively.
Does Brexit change anything?
The impact of Brexit on Model Risk Management has not been formally discussed, but requires some attention since MRM depends on regulation, which could change with Brexit.
At least for now, or during the transition period, the UK will align itself with the EU. But will it always be the case? What happens when regulations change? The CRR was updated in May 2019 with the publication of CRR II – will the UK keep its alignment and follow it after Brexit?
Any scenario where regulation changes making the UK no longer fully aligned with another jurisdiction, will create challenges for institutions, particularly for those headquartered in the EU as the european regulators may increase their pressure for MRM to be repatriated.
So how different are these regulations?
SR 11-7 is a 15 pages document describing the key aspects of MRM. The definition of Model is very broad and includes the traditional credit, market and counterparty credit risk models, but also impairment, stress testing, BSA/AML and even HR models.
The guidelines cover all aspects of MRM but in a non-prescriptive way, giving institutions the responsibility for interpreting the information.
The EBA’s draft RTS on the assessment methodology for IRB models was designed to ‘(…) specify the assessment methodology competent authorities shall follow in assessing the compliance of an institution with the requirements to use the Internal Ratings Based Approach.’
The TRIM guide in particular contains a section dedicated to ‘general topics’ which is similar in scope to the SR 11-7. It also describes specific expectations for credit, market and counterparty credit risk models covering many areas in detail.
And how do they compare?
How this impacts MRM practices
US teams need to consider a broader set of skills due to the wider scope of models considered.
The differences in regulation also impact how a risk-based approach is rolled out.
In the US, the risk-based approach is predominantly determined by the need to consider all areas where models have been identified and added to the model inventory. In Europe, a risk-based approach predominantly prioritises the frequency and depth of validation over the scope of models.
Differences in regulations also impact the visibility of the independent review teams.
In the US, teams need to engage with virtually all areas of the institution whereas in Europe the engagement is concentrated in risk, finance, FO and audit.
These differences in regulation also create challenges to manage different regulatory expectations, particularly for banks with presence in both sides of the Atlantic.
So…what do I need to do?
Embrace the differences in regulation and use them to your advantage. Not just because it is the right thing to do, but also because it may leave you in a better, stronger position.
1. Regulation-wise, you can start by harnessing the vagueness of one regulation by using the other regulation as a sounding board.
2. You can also seize the opportunity of Brexit to lobby for better MRM regulations in the UK.
3. Centralising MRM decision-making as much as possible is also recommended, despite an ever-growing pressure for European based institutions to repatriate their MRM teams to the EU.
In conclusion, is it useful to centralise MRM?
Yes, and the benefits range from reduced costs to a clearer relationship with regulators in all jurisdictions.
It is our opinion that regulators want a close, direct relationship with stakeholders who they can reliably discuss issues affecting that institution’s risk management, and that they can trust will have enough power to make the necessary decisions. Therefore, any centralisation should take this into consideration.