Mind The Gap: Risk Management Model – Best Practices Versus Reality | Mitratech Holdings, Inc
Research presents information that rewards careful reading, including:
- Models, on the whole, are well defined and understood by banks
- Model inventories are widely used and have technology that makes them easy to use.
- That said, not all models are in centralized inventories.
- Not all model owners understand their responsibilities
- The investment favors the development of the model rather than the validation of the model
This idea is fascinating because the picture she paints of the roughly 80 banks, of all sizes, who participated in the research is that MRM regimes are more complex and nuanced than many of them would probably like to admit to their own. peers. Rather than a collection of highly sophisticated, automated and streamlined systems and processes, the reality is that these systems and processes are a compromise between limited time and skills and the need to supplement the budget with other departments.
Who had the most developed MRM frameworks?
The issues raised can be compared to industry best practices as defined by US Framework SR 11 7 and UK SS3 / 18.
The largest banks had the most developed MRM frameworks that closely aligned with best practices. Where the common practice is sometimes deceased best practice was in areas that had more recently adopted modeling as a core capability, like operational risk or credit decision, or even HR. These functions probably had more models outside of the central inventory and made more use of manual processes to handle model validation issues, for example. These present significant model risks for companies.
Who has deviated from best practices (and why)?
Smaller institutions were generally less ambitious in their use of models, remaining primarily focused on credit risk. That said, their lack of budget and skills meant they typically limited their investment in MRM technology, typically using tools like Excel, Email, and Sharepoint. These companies use manual processes where it is best practice to use automation to reduce errors and reduce risk.
There were several reasons why many institutions deviated from best practice. Some were due to the fact that there were not enough staff capable of implementing MRM best practices. It is not surprising that they usually take care of the basic models in the most prominent institutions, perfecting systems and processes that were probably unique and therefore valuable and expensive.
Another problem was Technology. Many newer models have been built outside of the control and influence of the corporate IT function, using end-user and cloud-based capabilities. This situation means that good practices are more difficult to apply or instill, exposing institutions of all sizes to modeling risk.