The views and opinions expressed in this article are those of the thought leader and not those of CeFPro.
By Julian Horky, Head of Risk Controlling, Berenberg Capital Markets
How has automation in model risk management progressed in the last 5 years?
The advancements in automation were just stunning – not only in model risk management but across all areas. Automation really spread into all aspects of the model life cycle and is used by all lines of defense by now.
Models became a core value-adding function in financial institutions. This rise of models reduced more traditional risks, such as credit risk, market risk etc., but it also went hand in hand with an increase in model risk. As a result, model risk became a fundamental threat to firms. With that, firms that have not realized this as of today are the ones that will struggle to be here tomorrow.
The automation of model risk management processes proved itself a great answer to mitigate this increase of model risk while also decreasing cost. Automation essentially triumphed through all lines of defense. While models and their implementations had been automated for a while, leveraging automation in model development, validation and audit were among the most exciting topics in the last years.
What have been the biggest global drivers of automation in model risk management?
Many pull and push factors came together, which led to these stunning advances in automation. Technological advances, such as raw computing power and data availability but also the advent of cloud computing, low-code software, and artificial intelligence, were undoubtedly among the most prominent push factors.
On the other hand, the impact of changing employee skillsets should not be underestimated. In the past, coding skills were often limited to STEM graduates. But more recently, coding has become a standard tool for graduates across all fields. This democratization of coding know-how indeed contributed to the quick rollout of automation within firms and drove the development of tactical solutions and EUCs especially.
On the pull-side, costs and regulatory initiatives were significant drivers. Meeting the stringent requirements of model risk management can hardly be achieved without the support of automation. The number of models and the rigorous requirements around testing, validation, documentation and controls forced model risk management groups to undertake serious industrialization projects – which in many cases excelled.
How should an organisation effectively implement automation processes into their model risk management program?
A strong management buy-in is indispensable for any industrialization program. Communicating clear goals, what is in and what is at stake drive such commitments effectively. Automation projects have easily quantifiable outputs, which should be used to raise awareness early on.
Automation comes with costs and benefits, and every business process is different. As a result, every process requires a unique level of automation dependent on its idiosyncratic features. For example, a critical but stable process that runs multiple times a day is suitable for a higher degree of automation than quarterly processes that change frequently. Developing an automation appetite through a lens that takes costs and benefits jointly into account will deploy automation solutions at the right places – “the low-hanging fruit first”.
I found it helpful to frontload automation projects with a significant amount of business process re-design activities. I’ve seen automation projects fail because the underlying processes were just not suitable for any automation regardless of technology or developer. A simple but effective process re-design often saves the development budget,
What areas of model risk management have been most significantly improved due to automation? And how have they developed?
The automation of model implementation, validation, documentation, and ongoing monitoring was a big step forward within model risk management groups. Model implementations have been successfully deployed in the cloud as well as locally. And while both approaches have advantages, I believe that the cloud will be the go-to solution in the future.
Model validation was particularly a field that witnessed substantial progress in the last two years. It appears that the nature of model validation lends itself very well to automation. Model risk management groups take advantage of the repetitive nature of the validation process and the fact that the same models need to be validated periodically to industrialize model validation.
The automation of documentation is another exciting field that saw significant improvements recently. It is done in various degrees, from simple test statistics pulls and code documentation to more sophisticated use cases of natural language generators.
How do you see automation developing in model risk management over the next 3 years?
Today, we are experiencing the highest degree of automation that we have ever seen. But at the same time, today’s degree of automation is the lowest one that we will see in the next three years. When I look at the past and the developments in automation in MRM, I’m often just amazed and have to keep reminding myself that this is nothing compared to what we will see in the future.
I anticipate cloud computing and models-as-a-service to be a shaping topic in the industry. I’m excited to see how model risk management teams across firms symbiote with different cloud vendors.
On a different note, SR11-7 is celebrating its 10th birthday. It is widely perceived as an incredibly useful framework for banks. Other industries such as the insurance world and asset managers will continue their adaption.
With that said, unlike the previously mentioned trends, the advent of A.I. could be entirely disruptive for model risk management and even models per se. Model developers started to use A.I. algorithms, and we will see more use cases, best practices, standards emerge.
By now, A.I. has made it onto the radar of model risk management groups. These models do not fully fit traditional model risk management policies due to their black-box nature and other learning characteristics. We will see model policies start covering A.I. models, especially around development and validation. As A.I. models gain importance, automation will be even more critical.
How has the pandemic impacted model risk management and what do you see as the future of the discipline?
The pandemic led to model breakdowns across all functions and model types. Financial institutions used overlays and expert judgments to mitigate these breakdowns in the early stages. As a result many models and model components needed redevelopment. The decentralized nature of model development handled the increased workload comparably well when compared to validation.
Newly developed models are entering validation now, and bottlenecks start to form. The existing validation groups and frameworks are overwhelmed and jammed with the number of models. Model validation productivity needs to ramp up, and automation is one solution that institutions will explore.
But the crisis is also an opportunity. The financial crisis of 2008 is now more than a decade ago and the variables, portfolios, correlations, and market mechanics became less representative with each year. The pandemic created a different and more recent shock that allows for refining models and stress scenarios. Financial institutions will incorporate the lessons learned from the pandemic into their models and stress scenarios.
Another lesson learned will come from auditors that witnessed the process and control breakdowns during the pandemic and model risk management groups will need to revisit them.
Julian will be presenting at Advanced Model Risk, which is taking place virtually on March 24-25. Click here to view the full agenda, and register for your complimentary* pass to the event
Have you registered for…
Have you made your free account?