A spectre is haunting Europe – the spectre of model risk. Launched in 2016, the European Central Bank’s (ECB’s) Targeted Review of Internal Models (Trim) has forced a step-change in attitudes among European lenders towards ensuring their capital models are fit for purpose. In keeping with other regulators worldwide, the watchdog’s team of inspectors is visiting banks to check everything from internal governance processes to the data inputs that underpin modelling assumptions.
If the early evidence from the review is anything to go by, banks still have significant work to do to get their houses in order. The latest set of findings, on the safety and soundness of banks’ market risk models, landed in April – and made for grim reading. Of 30 banks that had been subjected to supervisory visits, the ECB found, on average, 32 issues with modelling practices – with, on average, nine issues deemed severe.
The review is already proving costly to lenders – and not just from a compliance point of view: ABN Amro cited changes made to its modelling practices as driving a €1.3 billion jump in credit risk-weighted assets during the first quarter of this year – implying the regulator thought its models were not adequately gauging the credit risk in its loan portfolios previously, necessitating a top-up.
For global lenders, Trim followed hot on the heels of the US Federal Reserve’s SR 11-7 guidance on model risk management (MRM) – published in 2011, though not enacted until 2012. Where Trim is, as the name suggests, targeted in scope, SR 11-7 is broad enough to capture anything that looks like a model within a bank, from a value-at-risk model to a simple spreadsheet-based factor model.
In reality, of course, Trim was a politically motivated project – partly designed to keep pace with SR 11-7, but also to shore up confidence in the use of internal modelling among European watchdogs keen to have some collateral to back their pro-model stance during the final negotiations over Basel III. In the opposing camp were US regulators – distrustful of internal modelling practices in the wake of major failings revealed during the financial crisis, and preferring instead the use of revised standardised approaches where possible, as well as an output floor to bind internal model estimates to these.
All of this has meant a compliance headache for banks, and a huge spend on hiring or redeploying quants from model development to risk management and validation teams. Quants don’t come cheap, nor do the army of consultants brought in to oversee the process. Sources tell tales of one US bank that attempted to lower costs by cutting as many PhD model quants as it could, and replacing them with master’s graduates – only to be red-flagged by its regulator.
While some of the changes to validation practices have required quant upskilling, much of the change has been around people and processes – motherhood and apple-pie operational risk practices such as establishing independent oversight and effective challenge during the model development
and deployment phases.
Anne-Cécile Krieg, deputy head of MRM at Societe Generale, notes that the mindset has shifted. All three lines of defence should be responsible for MRM; previously it tends to have been left to the second line of defence. Now there are specific roles allocated across the three lines and it is fully embraced and embedded. With MRM, there are a significant number of stakeholders in the first line of defence, including the designer of the model, the person implementing it, the users and those tasked with surveillance. Now, all of those roles are identified in the first line, with increasing emphasis on users and the model owner roles.