The changing face of compliance risk management: regulatory requirements for independent model validation.
13 Jan 2022
The application of data science and analytics technologies to deliver operational effectiveness and efficiencies in compliance risk management is not a new phenomenon. Increasingly banks and financial institutions are applying digital technologies not only to improve customer experience, but to deliver better returns internally.
What is perhaps a greater challenge to financial institutions embracing the digital and data-led era, is keeping up with governing bodies and the regulator who bring about new waves of important regulation impinging the application of these technologies within compliance risk.
We have long seen the impact of stringent regulation within credit risk and market risk that dictates the implementation of models across processes, however more recently this increased due diligence is being highlighted and more broadly implemented in the world of compliance risk.
In order for financial institutions to maintain a competitive edge and avoid being penalised by the regulator, they must have effective procedures in place to; quantitively and qualitatively prove the soundness and robustness of their models; be able to tune models appropriately; monitor and act on model failures in a timely manner; and independently, without bias, validate their models to prove they are fit for the intended purpose.
In 2017 Riksdag and Finansinspektionen in of Sweden published new and more explicit regulation on the procedures of model risk management in relation to anti- money laundering and counter terrorist financing; one of the first European countries to publish such regulation in this field.
Over the last five years we have seen its extensive use across compliance regulation in Europe and the ongoing pressure this has put on institutions to ensure they have the procedures in place to meet the requirements, as evidenced by the transaction monitoring thematic reviews of Denmark 2019/20. Evidence therefore demonstrates that any banks that do not include compliance models under their risk management frameworks will need to do so or face the consequences.
There is a strong indication that the review of models within compliance risk is changing and is being taken more seriously and with the same due diligence as within market risk and credit risk, where models must be validated to be fit for their intended purpose both before they are put into production and regularly thereafter.
This change in regulatory focus will require financial institutions to find and accept specialist support and technical expertise to ensure that they are meeting the changing needs of the regulator and to be able to independently and unbiasedly demonstrate, with supporting documentation, that they are compliant.
The reality for banks and financial institutions is that regulators across all jurisdictions will need to follow in Swedish footsteps, to ensure that their regulated entities are operating effectively and efficiently.
Challenges of model adoption
Whilst the reality for financial institutions to embrace model review and validation is clear, it still poses the question as to whether businesses understand how to achieve this effectively. Independent model validation in compliance, is still not covered extensively in the scientific press and with little guidance on best practises to meet requirements the challenge remains for companies to ensure they are independently validating their models without bias.
While independent model validation remains critical to ensure they are fit for intended purpose, in addition to resource and skill requirements, institutions will ace additional challenges posed by the vendor. The vendors’ methodology around model parameters is bound by intellectual property and thus implementing the indicative solutions to ensure the level of risk is within acceptable limits cannot be determined subjectively.
To apply appropriate and objective solutions, institutions need to be able to take a quantitative approach to reverse engineer the model parameters and minimise model risk.
Furthermore with independently validated models certified fit for intended purpose, institutions will need sound documentation of model risk management to ensure complete governance and evidence that change and incident management procedures are in place. This requires a specialist skillset of quantitative expertise with advisory support and a broad understanding of the regulatory requirements of the jurisdiction to ensure all needs are met.
Evolving compliance risk management: beat the curve
To perform compliant risk management internally without bias would be impossible for financial institutions and so it is essential for businesses to embrace collaborative and independent partners to support in independent model validation. Those preparing models, systems and processes ahead of the impending regulatory reviews will have an overall advantage in effectiveness and efficiency while minimising the need for regulatory action to be taken and negating the risk of reputational damage.
For more information on putting data to work in your compliance risk systems contact us.