By Steve Wilcockson, industry manager-financial services, MathWorks
Solvency II stopped short of applying model governance. Sure, EIOPA and regulators ensure appropriate models are applied for capital assessment. However, model governance frameworks have not been fully enforced onto capital and core risk models, or indeed actuarial insurance pricing or pension performance model suites.
Banking has gone further. The Basel Committee incorporated Solvency II-like data governance into the too-big-to-fail BCBS 239 guidance. Then in 2011 the Federal Reserve System announced SR11/7, taking a major step in formalizing model governance in banking, stating that “banking organizations should be attentive to the possible adverse consequences (including financial loss) of decisions based on models that are incorrect or misused, and should address those consequences through active model risk management.
The framework encroached into lots of model types. The term model refers to a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates. Models meeting this definition might be used for analyzing business strategies, informing business decisions, identifying and measuring risks, valuing exposures, instruments or positions, conducting stress testing, assessing adequacy of capital, managing client assets, measuring compliance with internal limits, maintaining the formal control apparatus of the bank, or meeting financial or regulatory reporting requirements and issuing public disclosures.
In other words, models and model risk, according to SR11/7, can impact pretty much any bank function.
Consequently, and encouraged by direct regulations like the ECB’s wide-ranging TRIM [Targeted Review of Internal Models] initiative and the more risk-focused model management Bank of England PRA Stress Test 2017 guidance, banks have for some time reoriented themselves around the “three lines of defense,” the business unit as the first line, risk management team as second line and an independent assurance internal audit-type team as the third line.
At a recent MathWorks event in partnership with the Professional Risk Managers’ International Association (PRMIA), titled ‘Model Governance in Financial Risk Management’, the question was asked whether model governance should be homogeneous across the industry and all its sectors. The response of the panel was that model governance enforcement should equate to the level of risk and historic precedence of the sectors concerned, in other words banks suffer with the legacy of 2007/2008, and that is why they should be more concerned than most.
However, the actuarial professions have had their issues, and given the longer time horizons of their products, pensions and life insurance for example, their model risks are also rather sensitive.
Should actuaries pay attention to such model governance trends? Yes, absolutely, and they can build systems upon the useful data governance aspects of Solvency II. In terms of getting started, insurers and actuaries can think about the following tasks, not unique to the financial service industry but also many of the “high integrity” industries where models and algorithms must not fail, for example on a plane, in a car, or on a medical device.
• Develop a culture of challenge: what alternative methods might be available to calculate the actuarial calculation.
• Consider governance appropriate to the need: a department-specific “real-time” balance sheet assessment has different integrity requirements to a full internal rigorous capital model.
• Ensure all employees and executives understand the impact of poor models. This does not mean they need be model experts or developers, but they should take care to understand and challenge processes that may cause a model to fail or to be incorrectly used.
• Try and be objective with model selection. Do not use a model because it was the subject of someone’s PhD. Understand the full suite of models available, and consider the applicability of all to the appropriate data, scenario and financial problem at hand.
• As with data governance processes, ensure equal model process transparency. For example, clearly document model types and their calibration, and preferably implement in componentized, easily understood code. Also test and (independently) validate both models and software.
As with the guidance from the PRMIA panel, do not assume that one size fits all with model governance. However, do ensure model governance is appropriate to the risk carried by your organization and specifically the financial calculations your actuaries produce.
|