SR 11-7 and OCC 2011-12 have changed the landscape of model risk management broadly (…and for the better) and in particular the practice of model validation. This guidance, which is essentially rules in the US, have been broadly adopted with modifications to fit local jurisdictions around the globe, provide a definition of what is a model and call for all models to be independently validated at financial institutions.
But rules do not hit all banks in the same fashion and even more importantly, they do not impact the same model used by different banks in the same way. The notion of proportionality is very important to the regulators. It has been variously referred to as “tailoring” as well as “scalability” and in practice it comes down to understanding the risk profile of the institution, how it uses the model and the firm’s knowledge of the risks and limitations of the model. All of these factors need to come into play when performing a validation.
So, in a nutshell, a validation that is appropriate for a large institution that has more risk, a greater reliance on the model’s output or where other factors may come into play could be different in a number of ways than that of a smaller institution with a smaller risk profile or a different use of the model. As an example, a smaller institution with a smaller risk profile that couples the use of the model with a heavy reliance on expert judgement, may require different validation testing than a larger institution. The key to a successful validation is that it provides useful insights that are adopted throughout the bank to improve their risk management of models. The MVC takes into account the risk profile of the bank, the use of its models and the need for information to be used throughout the bank to improve model risk management in performing each validation assignment.