2024 has begun with most institutions facing a number of unknowns impacting near- and longer-term decisions. Have interest rates peaked, and if so, is the industry prepared for what is to come? What will depositors do in 2024, and how will that impact funding costs and liquidity pressures? Is there the potential for exposure from models that may not be performing to their optimum abilities?
Opportunity costs or the longer-term impact of making the wrong decisions can have a significant bearing on ongoing success. For better, more confident decision-making in the year ahead, consider the three key steps of a risk management “health check.”
Confirm the reliability of model inputs (i.e., data and assumptions) to ensure accurate model results
Enhance liquidity management and contingency planning processes to prepare for the next liquidity event
Focus on Model Risk Management (MRM) and validation to help ensure high-risk models work as intended
Step 1: Model Inputs
When performing our own personal health checks, physicians tell us that we are only as healthy as what we consume. The same can be said for models – the reliability of the output is only as good as the quality of the inputs.
It’s interesting to note that given how important data quality is to reliability, more care is often not taken to ensure data files are complete and accurate when implementing and updating models. Errors in data can not only impact account structure and segmentation, but also the cashflows driving the results of many risk models that are foundational to strategy.
Another important component of model performance is model assumptions. Outdated or unsupported assumptions can translate into unreliable outputs, and that can frequently lead to bad decision-making. Considering an IRR model, for example: there are thousands of assumptions, but only a handful that truly can impact results. Ensuring that not only are the assumptions entered into the model correctly (audit), but that they are also reasonable and supportable for the institution (validation), is critical to build confidence in subsequent decisions.
Step 2: Liquidity Management
The challenges facing bankers with regard to liquidity have less to do with current liquidity levels and more with the ability to withstand a liquidity crisis. Liquidity levels can change very quickly, but the true benefits of a sound liquidity management process can be found in risk monitoring, more intensive stress testing (inclusive of relief scenarios), and a contingency funding plan (CFP) document that provides the blueprint for crisis management.
Risk Monitoring: A well-designed risk monitoring process provides information about trends that could impact liquidity levels or availability. This multi-level system should include a variety of indicators that will vary for each institution. Additionally, qualitative response and action plans should be under constant review to ensure adequate preparation for potential liquidity pressures.
Stress Testing: Liquidity stress testing is a critical part of the risk management process, as it not only helps identify what may cause a liquidity crisis, but also outlines how well-prepared the institution may be to handle it (in terms of timing and resources) as well as what a potential response(s) would be. Note that while including relief scenarios in stress testing is considered a valuable addition to the analysis, it is also now something that is expected from the examiners. This information is important to allay concerns from regulators, management, and the Board about preparedness for unexpected liquidity events.
Contingency Funding Plan: Risk monitoring and stress testing are critically important to the liquidity management process; however, the process cannot succeed without a CFP outlining a liquidity crisis “game plan.” This document should be reviewed regularly and updated (particularly given the bank failures of early 2023) and should include (but not be limited to):
Roles and responsibilities of crisis team members
Risk tolerances and action plans
Key risk indicators (KRIs) and early warning indicators (EWIs)
Stress testing and relief scenario details
Primary contacts and execution details for liquidity sources
Step 3: Model Risk Management and Validation
So how does an organization go about making the above processes part of an institution’s risk management standard?
Model Risk Management provides structure for an organization to oversee model implementation and ongoing development, and helps ensure that models are working at intended and appropriately. For example, many organizations with an MRM program in place had an easier time implementing CECL than those that did not, as MRM helps ensure proper model development, adequate documentation, testing, controls, and governance.
The standards of building out a “right sized” MRM program may appear overwhelming, but breaking them down into key components can reveal them to be more manageable than at first glance. When structured appropriately, MRM can provide significant benefits for an institution by improving the quality and reliability of model results.
For an MRM program to truly make a difference, it all starts with effective policy and procedures. These documents should outline the governing structure, roles, responsibilities, model inventory standards, processes, and current risk rating process. Additionally, they should describe the criteria and processes related to controls, data management, documentation, performance monitoring, development, implementation, model use, validation, exceptions, and reporting. A model risk management policy should also include the definition of the model and model risk.
While MRM will strengthen internal model performance oversight, it is equally as important to ensure that model validation rigor is commensurate with the institution’s risk ratings and provides effective challenge (defined by MRM Guidance as "Critical analysis by objective, informed parties that can identify model limitations and appropriate changes.”).
The term “model validation” is often broadly defined, and it is important that an institution understands its goal when engaging a third-party validator. If the goal is regulatory compliance, an “audit” may have been sufficient in the past. However, the stakes are now higher due to the increased complexity of models and the reliance on model output for decision-making and risk management.
Whether seeking a first-time validation or monitoring ongoing model performance, carefully consider partnering with a validator who not only has the technical expertise and horizontal experience to ensure models are functioning at their peak, but who also has the necessary cachet to effect change in the event they are not.
Health checks for risk management (as with for your personal well-being) are not something to be done once only. Find out where you have areas to improve and work on strengthening them throughout the year, which will make your overall process stronger. Better models lead to better decisions, and better decisions lead to better bottom line performance. But that takes time and dedication to a process. A great 2024 starts with looking inside and fixing some of the little things that can lead to big improvements.
For more Model Risk Management insights, click here.
ABOUT THE AUTHOR
Mark Haberland is a Managing Director at Darling Consulting Group. Mark has over 25 years providing balance sheet and model risk management education and consulting to the community and mid-size banking space. A frequent author and top-rated speaker on a wide array of risk management topics, Mark facilitates educational programs and workshops for numerous financial institutions, industry and state trade associations, and regulatory agencies.
Contact Mark Haberland: firstname.lastname@example.org or 508-237-2473 to learn more about effective challenge and Model Risk Management.
© 2024 Darling Consulting Group, Inc.