Article
Unleashing the Economic Power of Generative AI: A New Era of Productivity and Innovation
The traditional approach to model governance in the UK is being challenged by new technologies and evolving industry dynamics. Key factors such as increasing regulatory scrutiny, growing complexity of financial models, geopolitical challenges and a heightened emphasis on risk management have all contributed to this shift.
The traditional approach to model governance in the UK is being challenged by new technologies and evolving industry dynamics. Key factors such as increasing regulatory scrutiny, growing complexity of financial models, geopolitical challenges and a heightened emphasis on risk management have all contributed to this shift.
In May 2023, the Prudential Regulation Authority released their Supervisory Statement (SS1/23) with the accompanying Policy Statement (PS6/23), on the PRA’s expectations for Financial institutions in UK on model risk management. This followed the CP6 consultation paper released in 2022 . In this article we dive deeper into the new guidelines and the implications for affected organisations .
As per the latest update , PRA has categorically defined that the policy will have a bearing only on those firms that use internal models (IM) to calculate their regulatory capital requirements also referred to as IM Firms . The permissions referred to include using internal models to calculate regulatory capital requirements for credit risk (Internal Ratings Based approaches), market risk (Internal Model Approach) or counterparty credit risk (Internal Model Method). For firms that receive their approvals for usage of Internal Models in the near future , they’ll have a time frame of a year to comply with the guidelines.
Non-IM firms also referred to as Simpler Regime firms have been kept outside the scope of this policy note. More clarity is expected from the PRA for the definition outlining a simpler regime firm.
The implication of this policy note comes into force effective 17th May, 2024 for IM firms under the scope of the Supervisory Statement.
The criteria proposed as part of CP6/22 would classify a firm as a Simpler-regime firm if it:
- has less than 15bn in total assets, calculated as a three-year average
- has on-and off-balance sheet trading book business of less than 5% of total assets and no more than £44 million
- is not on the Internal Rating Based approach for calculating risk requirements 2
- does not operate to a specialised business model, such as custody or clearing and settlement services
- has at least 85% of its exposures in the UK
The 5 principles continue to be the mainstay for building an effective model risk management i.e.
Firms have an established definition of a model that sets the scope for MRM, a model inventory, and a risk-based tiering approach to categorise models to help identify and manage model risk.
Firms have strong governance oversight with a board that promotes an MRM culture from the top through setting clear model risk appetite. The board approves the MRM policy and appoints an accountable individual to assume the responsibility to implement a sound MRM framework that will ensure effective MRM practices.
Firms have a robust model development process with standards for model design and implementation, model selection, and model performance measurement. Testing of data, model construct, assumptions, and model outcomes are performed regularly in order to identify, monitor, record, and remediate model limitations and weaknesses.
Firms have a robust model development process with standards for model design and implementation, model selection, and model performance measurement. Testing of data, model construct, assumptions, and model outcomes are performed regularly in order to identify, monitor, record, and remediate model limitations and weaknesses.
Firms have established policies and procedures for the use of model risk mitigants when models are under-performing, and have procedures for the independent review of post model adjustments
PRA has made notable changes as part of the latest policy note and the same are summarised below :
- Remove Potential ambiguity in the responsibilities of SMF (Senior Management Function) on what they are accountable and what can be delegated. More than one SMF may be appointed as is the need.
- Replacing a reference to accounting with financial reporting and clarifying that the intent is for firms to make MRM reporting on the effectiveness of the MRM for financial reporting available to the audit committee
- Reducing the prescriptive nature of some of the wording on model tiering, clarifying that firms can select their own relevant factors to determine model complexity
- Clarifying that subsidiaries using models developed by their parent or group may leverage the outcome of the group’s validation of the model so long as the principles on validation are satisfied;
- Combining some clauses on expectations for models that recalibrate dynamically
- Subsidiaries need to demonstrate that the parent group has implemented a sound MRM framework and ensure that right governance followed.
- Process for applying PMAs should be documented with controls for reviewing and supporting their use
- Need to build processes for raising of escalation of exceptions for model use, performance and control to key stakeholders
- Increasing reliance of AI & ML in models has been highlighted by PRA to result in model risks .Firms need to attain a robust approach towards AI/ML governance.