Model Risk: The new risk on the block 



Kevin McElroy.jpg


Kevin McElroy

Vice President - Regulatory and Risk Management

  • Linkedin - Kevin McElroy
  • Facebook - FinTrU
  • Twitter - FinTrU
Thursday 18 July 2019

From the Libor Rigging scandal to rogue trading, financial institutions continue to suffer from apparent risk management inadequacies that result in considerable financial penalty and reputational damage. Consequently, financial institutions operate under intensified global regulatory supervision and must periodically evidence strong governance frameworks and controls.

Model Risk is emerging as an understated and costly challenge borne out of the new world order of stringent regulatory demands. The Securities and Exchange Commission (SEC) outlines Model Risk as occurring when “A financial model is used to measure quantitative information such as a firm's market risks or value transactions, and the model fails or performs inadequately leading to adverse outcomes for the firm.”(1)  

As banking becomes more competitive and covers an increasing range of non-traditional activities, there is heightened reliance on accurate decision making based on the analysis of high volumes of data. To ensure sufficient levels of profitability, financial institutions must utilise financial models that support revenue growth and enhance corporate strategy.

Regulatory Demands

The most prevalent risk models in banking apply economic or mathematical theory and assumptions to provide comparable projections of regulatory capital and stress testing metrics in order to meet regulatory requirements.

  1. Basel III

Basel III is an international regulatory accord that introduced a set of reforms designed to improve regulation, supervision and risk management within the banking sector. (2)

In practice, Basel III sets the standards as to how banks should measure risk for the purposes of determining capital requirements and liquidity in order to remain solvent.  Banks can utilise bespoke financial models to determine the minimum amount of capital they must hold. However, this ultimately leads to enhanced regulatory scrutiny and cost.

Fig1: Basel III Pillars

base 3.png

Pillar 1: Outlines capital and liquidity requirements for banks arising from Credit, Market and Operational Risk
Pillar 2: Captures risks not identified under Pillar 1 (for example Stress Testing)

Pillar 3: Promotes and encourages transparency on risks exposed within the bank

Stress Testing

Increased stress testing requirements are a regulatory response to the financial crisis a decade ago. The Basel Committee on Banking Supervision (BCBS) introduced stronger stress testing guidelines to ensure financial institutions could meet capital and liquidity needs under stressed market conditions.

Under these regulatory guidelines, banks must define and implement both in-house stress scenarios via bespoke financial models and regulator-defined stress scenarios. The stress testing process will measure the resilience of the bank to adverse scenarios such as severe recession or increased price volatility. The results are reviewed by regulators and released for public viewing. Banks that fail stress testing can suffer reputational damage and be forced to reduce dividend pay-outs to shareholders to preserve capital.

fig 2.png

Model Risk Management

The evolution of Model Risk has required financial institutions to design and build robust risk frameworks and governance processes. These frameworks need to be sufficiently malleable to meet the increasing pace of change in technology and complex regulations.

The concept of Model Risk Management is relatively undeveloped in comparison to traditional risk management practices embedded in credit, market and operational risk. However, there have been some significant developments:

  • 2011: US Federal Reserve published Model Risk Management Principles

  • 2017: The European Central Bank (ECB) Targeted Review of Internal Models (TRIM) Initiative

  • 2017: Prudential Regulatory Authority (PRA) Stress Testing Guidance Letter

The PRA’S Model Risk Management Principles are centred on four key principles (4):

1. To have an established definition of a model and maintain an inventory to outline the accountable senior stakeholders for each model.

2. To implement a robust model development and implementation process to ensure the appropriate use of models.

3. To undertake appropriate model validation and independent review activities to ensure sound model performance and greater understanding of model uncertainties, with restrictions, if required.

4. To implement an effective governance framework supported by policies, procedures, and controls.


Fig 3: Essential Elements of the Model Risk Management Framework (5)

fig 3.png

Business and Regulatory Alignment: Ensures strategic alignment of Model Risk Management with key business priorities and demands set by regulators. Focuses on bespoke models tailored to the trading activity and evolving risk profile of the bank.

Due to the global reach of banking, interpretation of regulations can differ between national regulators, for example: PRA in UK, SEC in USA, BaFin in Germany or JFSA in Japan. It would be excessive to expect a global entity to implement independent models for each regulator, therefore, enhanced regulatory liaison and communication to agree specific parameters is vital to success.

Supporting Documentation: Models used for regulatory capital calculations and stress testing must function with strong governance, oversight and detailed frameworks supported by policy which, in turn, must be refreshed on a periodic basis.

Any model restrictions and validation process must be captured and ensure compliance with model outputs agreed with each regulator.

Enabling Technology: Model Risk Management will mature as regulators and industry best practice becomes more advanced. Investing in flexible technology that can incorporate the continual changes in regulation and corporate strategy is key to minimise disruption and costs.

Programme Management: Effective Model Risk Management is time intensive and requires specialised skillsets, for example: model validation which has developed as a response to model risk. To ensure successful delivery of model validation and governance, it is critical that those involved have defined roles and responsibilities, with clear independence of the validation process.



As outlined by the Federal Reserve, banks need to be aware of the possible negative consequences, including financial loss, of decisions based on models that could be incorrect. (6) To ensure oversight and recognition at all levels of the risk management lifecycle, there are specific actions that could be implemented:

  • Incorporating Model Risk Management into the risk appetite statement to ensure necessary governance structures are built out and controlled through to the highest levels of oversight.

  • A defined strategy around Model Risk supported by a transparent framework can allow institutions to better align business goals to ensure reduced costs, capital efficiencies and more cohesive decision making.

  • Model Risk Management functions must ultimately improve the efficiency of the underlying model development process. This will prevent the process from becoming a sunk cost due to the demands required to build, validate, monitor and coordinate with regulators.

As the macro-environment becomes more complex and less predictable, reliance on accurate models supported by robust governance will only become greater and ultimately more costly if not controlled effectively.









Kevin McElroy.jpg

Kevin McElroy

Vice President - Regulatory and Risk Management

  • Linkedin - Kevin McElroy
  • Facebook - FinTrU
  • Twitter - FinTrU

Kevin is a Chartered Banker and Prince II Practitioner with over 10 years’ experience in Financial Services.


Kevin graduated from University College Dublin with an MSc in Financial Services and holds a degree in Business Studies from University of Ulster.
Prior to joining FinTrU, Kevin worked within the Portfolio Management team for the National Asset Management Agency, Dublin and Allied Irish Bank specialising in Credit Risk Management. Project delivery includes Risk and Regulatory Reporting covering Basel II, CCAR and commercial real estate financing and structured debt.
At FinTrU Kevin is a member of the senior management team with responsibility for a Risk Management project for a London based Tier 1 investment bank client.

About FinTrU


Founded in December 2013, FinTrU is a multi-award winning Financial Services company that is committed to giving local talent the opportunity to work on a global stage with the largest international investment banks. FinTrU provides its clients with high quality, cost-effective, near-shore resourcing solutions. FinTrU’s products are: Legal, Risk, Compliance, KYC, Operations and Consultancy. Its clients are all Tier 1 Investment Banks based in London, New York, Tokyo, Frankfurt and Paris. FinTrU currently employs 360 staff at its two Belfast city centre offices and Derry/Londonderry.