Risk Management & Analytics: Institutions need to understand hidden risks in model validation

Institutions need to understand hidden risks in model validation

Regulators require the model validation process to ensure that financial institutions are properly modeling for risk. Beyond regulatory compliance, model validation also provides business leaders with confidence in their models and helps to reinforce or reassess business and balance sheet decisions shaped by model outcomes. Considering the importance of model accuracy and effectiveness, it is critical to understand hidden risks in model validation practices. Whether a financial institution develops its financial models internally or works with a third-party model software vendor, it is critical to ensure your model validation partner understands and considers hidden risks in model validation. Some such risks include:

1. Inadequate or fragmented data.
The accuracy of your model relies on data. If the data used in your model is limited, fragmented or low in quality, your model will suffer. Ensure your model validation partner is asking the right questions about how your model utilizes data, how it sources, supplements and transforms data, and how it accounts for missing data values. Including a full-data validation will provide confidence in the data quality and the extract-transform-load (ETL) process and make the model more accurate.

2. Lack of third-party model details.
Models that are developed by third-party software vendors provide financial institutions with many benefits, including ease-of-use and peer comparison. However, one drawback in utilizing these models is the lack of transparency about what data is supplied within the model and any assumptions, macroeconomic trends and unique model features that contribute to the outcomes. When validating its third-party model, a financial institution should supply its model validation partner with supporting documentation and insights that may help “get under the hood” of the model without jeopardizing its proprietary nature. The more information provided, the more thorough your model validation.

3. Technical model challenges
Many smaller institutions using model software must rely completely on the technical integrity of the model vendor. In most cases, the model vendor will ensure that its models are performing optimally from a technical standpoint, as it is the crux of its business. While a financial institution is responsible for implementing and customizing the model to incorporate institution-specific scenarios and parameters, this can potentially create technical errors in the process. The model validation needs to focus on the set-up attributes that are applied to define how the data is utilized.

As financial institutions move forward in obtaining a financial model validation, it is important to ask your validation provider if it is aware of some of the hidden validation challenges and risks and how it assesses a model when such risks are present. By proactively and openly discussing potential validation challenges, the model validation provider will be able to focus on areas of the validation that pose a potential problem and may be able to help the financial institution use the model validation as a stepping stone to improving the model and model process.

American Banker publishes MountainView’s CECL white paper

When the Financial Accounting Standards Board finalized the Current Expected Credit Loss (CECL) standard in June 2016, banking regulators and professionals described the standard as “the biggest accounting change the industry has ever seen.” With the standard came a significant amount of time for credit unions to prepare for implementation: December 31, 2021 is the start of regulatory reporting.

Two years after finalizing the standard, “navigating uncertain seas” is a theme that summarizes the overall sentiment credit unions currently have about their implementation progress to date. Amid this sentiment, MountainView’s survey shows most credit unions have made significant implementation progress over the past two years and are finding that their data challenges currently are their biggest obstacle.

Read more: American Banker

American Bankers Association issues checklist, FAQ for GDPR risk management

As banks continue to assess their risks related to the European Union’s General Data Protection Regulation (GDPR), which came into effect on May 25, the American Bankers Association has released a new round of members-only resources to help. Following up on a suite of free member resources provided earlier in the year, ABA on Tuesday released a GDPR risk management checklist and a 32-page FAQ document addressing the most common questions received from community, midsize and regional banks.

Given the uncertainty of GDPR’s effects on domestic US banks and the individual decisions each bank must make on its own risks, these resources are offered to help bankers understand how GDPR may touch their own bank’s business model and market. The checklist can assist a bank in developing its approach to GDPR and shape conversations among bank CEOs, board members, compliance officers, risk management, IT staff and legal counsel.

Read more: American Bankers Association Banking Journal

New DHS cybersecurity command aims to protect U.S. from cyberattacks

In an effort to prevent and thwart cyberattacks, United States Department of Homeland Security (DHS) Secretary Kirstjen Nielsen on Tuesday announced the creation of a new National Risk Management Center to help protect the nation’s critical infrastructure. The center’s goal of protecting the banking, communications, and energy sectors was outlined at the National Cybersecurity Summit in New York.

Given the rise in cyberthreats against the United States, Nielsen wanted to create a place where private companies can get assistance if they’re experiencing a cyberattack. By creating a central authority where a company experiencing a cyberattack can seek the government’s help early on, the center hopes to be able to learn about the attack to help protect others in the same sector or industry from becoming victims.

“An attack on a single tech company can rapidly spiral into a crisis affecting the financial sector, energy systems, and health care,” Nielsen said, highlighting that the center will serve as a hub that brings together government experts and the private sector. “Our goal is to simplify the process, to provide a single point of access to the full range of government activities to defend against cyberthreats.”

Read more: Digital Trends

Click here to subscribe to Situs Newswatch.

Thank you for choosing the Situs Newswatch. If you want to see your company here or have an idea for coverage, please respond to this email or email inquiries@situs.com for more information.